Nessus Plugin #16022
Note: This file has been created from a downloaded version of the Nessus Plugins from http://www.nessus.org/. Therefore, the information here can be outdated.
Kayako eSupport SQL Injection and Cross-Site-Scripting
- Family: CGI abuses : XSS
- Category: attack
- Copyright: This script is Copyright (C) 2004 Noam Rathaus
- Summary: Checks for the presence of an SQL and XSS in Kayako
- Version: $Revision: 1.2 $
- Cve_id: -
- Bugtraq_id: 12037
- Xrefs: -
- Description:
Kayako eSupport is one of the most feature-packed support systems; in this tour you will find why over a thousand companies have decided to opt for eSupport and use it to process their daily support requests.

This set of scripts is affected by an SQL injection vulnerability and a cross-site scripting vulnerability, which may allow an attacker to cause the program to execute arbitrary SQL statements and/or arbitrary JavaScript code.
Solution : Upgrade to the newest version of this software
Risk factor : High
Generated on 27.04.2005 at 18:49:54.