CVE-2009-3567
Published Oct 6, 2009
Last updated 7 years ago
Overview
- Description
- Cross-site scripting (XSS) vulnerability in modules/tickets/functions_ticketsui.php in Kayako SupportSuite and eSupport 3.60.04 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the staff control panel, a different vector than CVE-2007-1145.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kayako:esupport:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F648C9B1-D21E-4B1B-9F72-779B497D73C3",
"versionEndIncluding": "3.60.04"
},
{
"criteria": "cpe:2.3:a:kayako:esupport:2.1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CC09C97F-C24C-458E-9660-163CA3389065"
},
{
"criteria": "cpe:2.3:a:kayako:esupport:2.1.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5E050349-5775-4CA5-BD12-B9E48A0CDDB7"
},
{
"criteria": "cpe:2.3:a:kayako:esupport:2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FB479D2B-AA67-47EC-89F7-73CFB4852BD7"
},
{
"criteria": "cpe:2.3:a:kayako:esupport:2.2.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B5C16F63-65D9-4644-AC8F-1B18CAC125D2"
},
{
"criteria": "cpe:2.3:a:kayako:esupport:2.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4B098914-D522-426C-B54F-4844A2EEDC9B"
},
{
"criteria": "cpe:2.3:a:kayako:esupport:2.3.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "207C5C3A-27FF-4EDA-B435-2316492CE84A"
},
{
"criteria": "cpe:2.3:a:kayako:esupport:3.00.13:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "80744826-A306-4243-B600-313AF19246C7"
},
{
"criteria": "cpe:2.3:a:kayako:esupport:3.00.90:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F3C27692-8E90-4E08-A3AE-CA20109D99C8"
},
{
"criteria": "cpe:2.3:a:kayako:esupport:3.04.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9F5C0117-98CA-407A-936B-41EB8E6582B7"
},
{
"criteria": "cpe:2.3:a:kayako:supportsuite:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9CD0DB7E-26CB-4BB7-A133-AAB3F5D1ACAE",
"versionEndIncluding": "3.60.04"
},
{
"criteria": "cpe:2.3:a:kayako:supportsuite:3.00.26:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "306A4240-7895-4B3F-B8FC-91F76DAA4ADE"
},
{
"criteria": "cpe:2.3:a:kayako:supportsuite:3.00.32:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DCCD5F81-495F-4433-86BD-2F2AA7696334"
},
{
"criteria": "cpe:2.3:a:kayako:supportsuite:3.10.00:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D9C022D3-42ED-442E-9125-E0EAA8E74705"
},
{
"criteria": "cpe:2.3:a:kayako:supportsuite:3.10.02:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7FC5A1D5-8831-4032-92D8-DD490CC28774"
},
{
"criteria": "cpe:2.3:a:kayako:supportsuite:3.11.00:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "878901B9-06F2-49ED-A035-1BD86BB5F11D"
},
{
"criteria": "cpe:2.3:a:kayako:supportsuite:3.11.01:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0F297ABB-E65C-4BBF-B846-AFCC5A572540"
},
{
"criteria": "cpe:2.3:a:kayako:supportsuite:3.20.02:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "97A653BB-E814-4194-B911-CB3F6B69F5A9"
},
{
"criteria": "cpe:2.3:a:kayako:supportsuite:3.30:rc2:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "68CB9C07-C2DC-4186-8B6E-5B902B6261D3"
},
{
"criteria": "cpe:2.3:a:kayako:supportsuite:3.30:rc3:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "31270F05-C038-4C7D-9592-505FE936A993"
},
{
"criteria": "cpe:2.3:a:kayako:supportsuite:3.50.06:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "92135838-7596-42DD-B04A-B8ABFF790817"
}
],
"operator": "OR"
}
]
}
]