CVE-2008-3700

Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite 3.20.02 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the sessionid parameter in a livesupport startclientchat action to visitor/index.php; (2) the filter parameter in a news view action to index.php; or the Full Name field in a (3) account creation, (4) ticket opening, or (5) chat request operation.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
VendorProductVersion
kayakosupportsuite
𝑥
≤ 3.20.02
kayakosupportsuite
3.10.00
kayakosupportsuite
3.10.02
kayakosupportsuite
3.11.00
kayakosupportsuite
3.11.01
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://forums.kayako.com/f3/3-30-00-stable-released-18304/
http://osvdb.org/47613
http://osvdb.org/47614
http://osvdb.org/47615
http://secunia.com/advisories/31431
http://www.gulftech.org/?node=research&article_id=00123-08092008
http://www.securityfocus.com/bid/30642
https://exchange.xforce.ibmcloud.com/vulnerabilities/44382
https://exchange.xforce.ibmcloud.com/vulnerabilities/44383
http://forums.kayako.com/f3/3-30-00-stable-released-18304/
http://osvdb.org/47613
http://osvdb.org/47614
http://osvdb.org/47615
http://secunia.com/advisories/31431
http://www.gulftech.org/?node=research&article_id=00123-08092008
http://www.securityfocus.com/bid/30642
https://exchange.xforce.ibmcloud.com/vulnerabilities/44382
https://exchange.xforce.ibmcloud.com/vulnerabilities/44383