CVE-2009-3567

Cross-site scripting (XSS) vulnerability in modules/tickets/functions_ticketsui.php in Kayako SupportSuite and eSupport 3.60.04 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the staff control panel, a different vector than CVE-2007-1145.

Published: Oct 6, 2009
Updated: Apr 13, 2023
CVE: CVE-2009-3567
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
kayako / esupport	-	3.60.04.x
kayako / esupport	2.1.8	2.1.8.x
kayako / esupport	2.2	2.2.x
kayako / esupport	3.00.90	3.00.90.x
kayako / esupport	2.3.1	2.3.1.x
kayako / supportsuite	3.10.00	3.10.00.x
kayako / supportsuite	3.00.32	3.00.32.x
kayako / esupport	3.00.13	3.00.13.x
kayako / supportsuite	3.20.02	3.20.02.x
kayako / supportsuite	3.50.06	3.50.06.x
kayako / supportsuite	3.00.26	3.00.26.x
kayako / esupport	2.3	2.3.x
kayako / supportsuite	3.11.01	3.11.01.x
kayako / esupport	2.1.2	2.1.2.x
kayako / esupport	2.2.5	2.2.5.x
kayako / esupport	3.04.10	3.04.10.x
kayako / supportsuite	-	3.60.04.x
kayako / supportsuite	3.11.00	3.11.00.x
kayako / supportsuite	3.10.02	3.10.02.x

Vulnerability Database

290,020

CVE-2009-3567