Kayako · Kayako Supportsuite · CVE-2006-5825
Name of the Vulnerable Software and Affected Versions:
Kayako SupportSuite version 3.00.32
Description:
A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the query string in the index.php file.
Recommendations:
For Kayako SupportSuite version 3.00.32, update to a newer version that contains a fix for this issue to prevent remote attackers from injecting arbitrary web script or HTML via the query string.