N/A

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Kayako SupportSuite 3.00.26 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) nav parameter in the downloads module, (2) Full Name and (3) Email fields in the core module, (4) Full Name, (5) Email, and (6) Subject fields in the tickets module, or (7) Registered Email field in the lostpassword feature in the core module.

N/A

N/A

Kayako SupportSuite多个跨站脚本攻击漏洞

Kayako SupportSuite 3.00.26及更早版本中的index.php存在多个跨站脚本攻击漏洞，远程攻击者可以通过(1)下载模块中的nav参数，在核心模块中的(2)全名和(3)电子邮件字段，在票模块中的(4)全名，(5)电子邮件和(6)主题字段或核心模块中lostpassword特性的(7)已注册电子邮局字段注入任意Web脚本或HTML。

N/A

N/A