CVE-2009-3567

Cross-site scripting (XSS) vulnerability in modules/tickets/functions_ticketsui.php in Kayako SupportSuite and eSupport 3.60.04 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the staff control panel, a different vector than CVE-2007-1145.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 57%
VendorProductVersion
kayakoesupport
𝑥
≤ 3.60.04
kayakoesupport
2.1.2
kayakoesupport
2.1.8
kayakoesupport
2.2
kayakoesupport
2.2.5
kayakoesupport
2.3
kayakoesupport
2.3.1
kayakoesupport
3.00.13
kayakoesupport
3.00.90
kayakoesupport
3.04.10
kayakosupportsuite
𝑥
≤ 3.60.04
kayakosupportsuite
3.00.26
kayakosupportsuite
3.00.32
kayakosupportsuite
3.10.00
kayakosupportsuite
3.10.02
kayakosupportsuite
3.11.00
kayakosupportsuite
3.11.01
kayakosupportsuite
3.20.02
kayakosupportsuite
3.50.06
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://blog.kayako.com/2009/09/security-bulletin-supportsuite-and-esupport/
http://osvdb.org/58516
http://secunia.com/advisories/36807
http://www.securityfocus.com/bid/36568
https://exchange.xforce.ibmcloud.com/vulnerabilities/53558
http://blog.kayako.com/2009/09/security-bulletin-supportsuite-and-esupport/
http://osvdb.org/58516
http://secunia.com/advisories/36807
http://www.securityfocus.com/bid/36568
https://exchange.xforce.ibmcloud.com/vulnerabilities/53558