OpenCVE

Cross-site scripting (XSS) vulnerability in modules/tickets/functions_ticketsui.php in Kayako SupportSuite and eSupport 3.60.04 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the staff control panel, a different vector than CVE-2007-1145.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Kayako	Esupport Supportsuite

Configuration 1 [-]

OR	cpe:2.3:a:kayako:esupport::::::::
	cpe:2.3:a:kayako:esupport:2.1.2:::::::*
	cpe:2.3:a:kayako:esupport:2.1.8:::::::*
	cpe:2.3:a:kayako:esupport:2.2:::::::*
	cpe:2.3:a:kayako:esupport:2.2.5:::::::*
	cpe:2.3:a:kayako:esupport:2.3:::::::*
	cpe:2.3:a:kayako:esupport:2.3.1:::::::*
	cpe:2.3:a:kayako:esupport:3.00.13:::::::*
	cpe:2.3:a:kayako:esupport:3.00.90:::::::*
	cpe:2.3:a:kayako:esupport:3.04.10:::::::*
	cpe:2.3:a:kayako:supportsuite::::::::
	cpe:2.3:a:kayako:supportsuite:3.00.26:::::::*
	cpe:2.3:a:kayako:supportsuite:3.00.32:::::::*
	cpe:2.3:a:kayako:supportsuite:3.10.00:::::::*
	cpe:2.3:a:kayako:supportsuite:3.10.02:::::::*
	cpe:2.3:a:kayako:supportsuite:3.11.00:::::::*
	cpe:2.3:a:kayako:supportsuite:3.11.01:::::::*
	cpe:2.3:a:kayako:supportsuite:3.20.02:::::::*
	cpe:2.3:a:kayako:supportsuite:3.30:rc2::::::
	cpe:2.3:a:kayako:supportsuite:3.30:rc3::::::
	cpe:2.3:a:kayako:supportsuite:3.50.06:::::::*

No data.

References

Link	Providers
http://blog.kayako.com/2009/09/security-bulletin-supportsuite-and-esupport/
http://osvdb.org/58516
http://secunia.com/advisories/36807
http://www.securityfocus.com/bid/36568
https://exchange.xforce.ibmcloud.com/vulnerabilities/53558

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-10-06T20:19:00

Updated: 2024-08-07T06:31:10.448Z

Reserved: 2009-10-06T00:00:00

Link: CVE-2009-3567

Vulnrichment

No data.

NVD

Status : Modified

Published: 2009-10-06T20:30:00.217

Modified: 2024-11-21T01:07:41.550

Link: CVE-2009-3567

Redhat

No data.

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object