CVE-2005-0487

Properties

Published:
29.03.2005
Updated:
20.10.2005
Patch available:
Severity:
High
CVSS vector:
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N) Approximated
Product:
Kayako: eSupport

Vulnerability description

Cross-site scripting (XSS) vulnerability in index.php for Kayako ESupport 2.3.1, and possibly other versions, allows remote attackers to inject arbitrary HTML and web script via the nav parameter.

References:

The Aims Group: http://marc.theaimsgroup.com/?l=full-disclosure&m=110845724029888&w=2
Security Focus: http://www.securityfocus.com/bid/12563
FULLDISC: http://marc.theaimsgroup.com/?l=full-disclosure&m=110845724029888&w=2
XF: http://xforce.iss.net/xforce/xfdb/18571