Vulnerability Details CVE-2009-3427
Cross-site scripting (XSS) vulnerability in Kayako SupportSuite 3.50.06 allows remote attackers to inject arbitrary web script or HTML via the subject field in a ticket.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 52.6%
CVSS Severity
CVSS v2 Score 4.3
References
- http://secunia.com/advisories/36253
- http://www.ngenuity.org/wordpress/2009/08/08/ngenuity-ticket-subject-persistent-xss-in-kayako-supportsuite/
- http://www.securityfocus.com/archive/1/505637/100/0/threaded
- http://secunia.com/advisories/36253
- http://www.ngenuity.org/wordpress/2009/08/08/ngenuity-ticket-subject-persistent-xss-in-kayako-supportsuite/
- http://www.securityfocus.com/archive/1/505637/100/0/threaded
Products affected by CVE-2009-3427
-
cpe:2.3:a:kayako:supportsuite:3.50.06