Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite 3.20.02 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the sessionid parameter in a livesupport startclientchat action to visitor/index.php; (2) the filter parameter in a news view action to index.php; or the Full Name field in a (3) account creation, (4) ticket opening, or (5) chat request operation.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Kayako SupportSuite 多个跨站脚本攻击漏洞
Vulnerability Description
Kayako SupportSuite是一套Web界面的在线支持系统。 Kayako SupportSuite 3.20.02及之前的版本存在多个跨站脚本攻击漏洞。远程攻击者可以利用visitor/index.php的livesupport startclientchat操作中的sessionid参数、index.php的news view操作中的filter参数,或account creation/ticket opening/chat request操作中的Full Name字段,注入任意的web脚本
CVSS Information
N/A
Vulnerability Type
N/A