CVE-2005-4637

Name of the Vulnerable Software and Affected Versions Kayako SupportSuite versions 3.00.26 and earlier

Description The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved via several parameters and fields, including the nav parameter in the downloads module, Full Name and Email fields in the core module, Full Name, Email, and Subject fields in the tickets module, or the Registered Email field in the lostpassword feature in the core module.

Recommendations For Kayako SupportSuite versions 3.00.26 and earlier, update to a version later than 3.00.26 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.