Seth Alan Woolley

**Name of the Vulnerable Software and Affected Versions** Kayako ESupport versions 2.3.1 and possibly other versions **Description** The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary HTML and web script via the `nav` parameter in the index.php file. **Recommendations** For version 2.3.1, consider restricting access to the `nav` parameter in the index.php file until a patch is available. As a temporary workaround, avoid using the `nav` parameter in the affected index.php file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.