CVE-2007-2562

Name of the Vulnerable Software and Affected Versions Kayako eSupport version 3.00.90

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the m parameter in the index.php file.

Recommendations For Kayako eSupport version 3.00.90, update to a version that fixes this issue to prevent remote attackers from injecting arbitrary web script or HTML. As a temporary workaround, consider restricting access to the index.php file or validating and sanitizing the m parameter to minimize the risk of exploitation.