CVE-2008-3700

Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite 3.20.02 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the sessionid parameter in a livesupport startclientchat action to visitor/index.php; (2) the filter parameter in a news view action to index.php; or the Full Name field in a (3) account creation, (4) ticket opening, or (5) chat request operation.

Published: Aug 15, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-3700
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
kayako / supportsuite	3.10.00	3.10.00.x
kayako / supportsuite	3.11.01	3.11.01.x
kayako / supportsuite	-	3.20.02.x
kayako / supportsuite	3.11.00	3.11.00.x
kayako / supportsuite	3.10.02	3.10.02.x

http://forums.kayako.com/f3/3-30-00-stable-released-18304/
http://osvdb.org/47613
http://osvdb.org/47614
http://osvdb.org/47615
http://secunia.com/advisories/31431
http://www.gulftech.org/?node=research&article_id=00123-08092008
http://www.securityfocus.com/bid/30642
https://exchange.xforce.ibmcloud.com/vulnerabilities/44382
https://exchange.xforce.ibmcloud.com/vulnerabilities/44383

Vulnerability Database

290,020

CVE-2008-3700