CVE-2009-3567

Published Oct 6, 2009

Last updated 8 years ago

CVSS info 4.3

Overview

Description: Cross-site scripting (XSS) vulnerability in modules/tickets/functions_ticketsui.php in Kayako SupportSuite and eSupport 3.60.04 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the staff control panel, a different vector than CVE-2007-1145.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:kayako:esupport:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F648C9B1-D21E-4B1B-9F72-779B497D73C3",
            "versionEndIncluding": "3.60.04"
          },
          {
            "criteria": "cpe:2.3:a:kayako:esupport:2.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CC09C97F-C24C-458E-9660-163CA3389065"
          },
          {
            "criteria": "cpe:2.3:a:kayako:esupport:2.1.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5E050349-5775-4CA5-BD12-B9E48A0CDDB7"
          },
          {
            "criteria": "cpe:2.3:a:kayako:esupport:2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FB479D2B-AA67-47EC-89F7-73CFB4852BD7"
          },
          {
            "criteria": "cpe:2.3:a:kayako:esupport:2.2.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B5C16F63-65D9-4644-AC8F-1B18CAC125D2"
          },
          {
            "criteria": "cpe:2.3:a:kayako:esupport:2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4B098914-D522-426C-B54F-4844A2EEDC9B"
          },
          {
            "criteria": "cpe:2.3:a:kayako:esupport:2.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "207C5C3A-27FF-4EDA-B435-2316492CE84A"
          },
          {
            "criteria": "cpe:2.3:a:kayako:esupport:3.00.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "80744826-A306-4243-B600-313AF19246C7"
          },
          {
            "criteria": "cpe:2.3:a:kayako:esupport:3.00.90:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F3C27692-8E90-4E08-A3AE-CA20109D99C8"
          },
          {
            "criteria": "cpe:2.3:a:kayako:esupport:3.04.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9F5C0117-98CA-407A-936B-41EB8E6582B7"
          },
          {
            "criteria": "cpe:2.3:a:kayako:supportsuite:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9CD0DB7E-26CB-4BB7-A133-AAB3F5D1ACAE",
            "versionEndIncluding": "3.60.04"
          },
          {
            "criteria": "cpe:2.3:a:kayako:supportsuite:3.00.26:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "306A4240-7895-4B3F-B8FC-91F76DAA4ADE"
          },
          {
            "criteria": "cpe:2.3:a:kayako:supportsuite:3.00.32:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DCCD5F81-495F-4433-86BD-2F2AA7696334"
          },
          {
            "criteria": "cpe:2.3:a:kayako:supportsuite:3.10.00:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D9C022D3-42ED-442E-9125-E0EAA8E74705"
          },
          {
            "criteria": "cpe:2.3:a:kayako:supportsuite:3.10.02:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7FC5A1D5-8831-4032-92D8-DD490CC28774"
          },
          {
            "criteria": "cpe:2.3:a:kayako:supportsuite:3.11.00:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "878901B9-06F2-49ED-A035-1BD86BB5F11D"
          },
          {
            "criteria": "cpe:2.3:a:kayako:supportsuite:3.11.01:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0F297ABB-E65C-4BBF-B846-AFCC5A572540"
          },
          {
            "criteria": "cpe:2.3:a:kayako:supportsuite:3.20.02:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "97A653BB-E814-4194-B911-CB3F6B69F5A9"
          },
          {
            "criteria": "cpe:2.3:a:kayako:supportsuite:3.30:rc2:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "68CB9C07-C2DC-4186-8B6E-5B902B6261D3"
          },
          {
            "criteria": "cpe:2.3:a:kayako:supportsuite:3.30:rc3:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "31270F05-C038-4C7D-9592-505FE936A993"
          },
          {
            "criteria": "cpe:2.3:a:kayako:supportsuite:3.50.06:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "92135838-7596-42DD-B04A-B8ABFF790817"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References