Search
Find a vulnerability
Search criteria
50 vulnerabilities by kayako
CVE-2022-35913 (GCVE-0-2022-35913)
Vulnerability from nvd – Published: 2022-09-06 21:01 – Updated: 2024-08-03 09:44
VLAI
Summary
Samourai Wallet Stonewallx2 0.99.98e allows a denial of service via a P2P coinjoin. The attacker and victim must follow each other's paynym. Then, the victim must try to collaborate with the attacker for a Stonewallx2 transaction. Next, the attacker broadcasts a tx, spending the inputs used in Stonewallx2 before the victim can broadcast the collaborative transaction. The attacker does not signal opt in RBF, and uses the lowest fee rate. This would result in the victim being unable to perform Stonewallx2. (Note that the attacker could use multiple paynyms.)
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://lists.linuxfoundation.org/pipermail/bitco… | x_refsource_MISC |
| https://lists.linuxfoundation.org/pipermail/bitco… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:44:22.159Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-June/020595.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-July/020737.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Samourai Wallet Stonewallx2 0.99.98e allows a denial of service via a P2P coinjoin. The attacker and victim must follow each other\u0027s paynym. Then, the victim must try to collaborate with the attacker for a Stonewallx2 transaction. Next, the attacker broadcasts a tx, spending the inputs used in Stonewallx2 before the victim can broadcast the collaborative transaction. The attacker does not signal opt in RBF, and uses the lowest fee rate. This would result in the victim being unable to perform Stonewallx2. (Note that the attacker could use multiple paynyms.)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-06T21:01:43.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-June/020595.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-July/020737.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-35913",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Samourai Wallet Stonewallx2 0.99.98e allows a denial of service via a P2P coinjoin. The attacker and victim must follow each other\u0027s paynym. Then, the victim must try to collaborate with the attacker for a Stonewallx2 transaction. Next, the attacker broadcasts a tx, spending the inputs used in Stonewallx2 before the victim can broadcast the collaborative transaction. The attacker does not signal opt in RBF, and uses the lowest fee rate. This would result in the victim being unable to perform Stonewallx2. (Note that the attacker could use multiple paynyms.)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-June/020595.html",
"refsource": "MISC",
"url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-June/020595.html"
},
{
"name": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-July/020737.html",
"refsource": "MISC",
"url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-July/020737.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-35913",
"datePublished": "2022-09-06T21:01:43.000Z",
"dateReserved": "2022-07-15T00:00:00.000Z",
"dateUpdated": "2024-08-03T09:44:22.159Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3233 (GCVE-0-2012-3233)
Vulnerability from nvd – Published: 2012-09-15 17:00 – Updated: 2024-08-06 19:57
VLAI
Summary
Cross-site scripting (XSS) vulnerability in __swift/thirdparty/PHPExcel/PHPExcel/Shared/JAMA/docs/download.php in Kayako Fusion 4.40.1148, and possibly before 4.50.1581, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://wiki.kayako.com/display/DOCS/4.50.1581 | x_refsource_MISC |
| https://www.htbridge.com/advisory/HTB23095 | x_refsource_MISC |
| http://www.securityfocus.com/bid/55417 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/50366 | third-party-advisoryx_refsource_SECUNIA |
| http://wiki.kayako.com/display/DOCS/4.50.1619 | x_refsource_MISC |
| http://osvdb.org/85189 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
Date Public
2012-09-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:57:50.325Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wiki.kayako.com/display/DOCS/4.50.1581"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.com/advisory/HTB23095"
},
{
"name": "55417",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55417"
},
{
"name": "50366",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50366"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wiki.kayako.com/display/DOCS/4.50.1619"
},
{
"name": "85189",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/85189"
},
{
"name": "kayakofusion-download-xss(78314)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78314"
},
{
"name": "20120905 Cross-Site Scripting (XSS) in Kayako Fusion",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-09/0022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-09-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in __swift/thirdparty/PHPExcel/PHPExcel/Shared/JAMA/docs/download.php in Kayako Fusion 4.40.1148, and possibly before 4.50.1581, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wiki.kayako.com/display/DOCS/4.50.1581"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.com/advisory/HTB23095"
},
{
"name": "55417",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55417"
},
{
"name": "50366",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50366"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wiki.kayako.com/display/DOCS/4.50.1619"
},
{
"name": "85189",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/85189"
},
{
"name": "kayakofusion-download-xss(78314)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78314"
},
{
"name": "20120905 Cross-Site Scripting (XSS) in Kayako Fusion",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-09/0022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3233",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in __swift/thirdparty/PHPExcel/PHPExcel/Shared/JAMA/docs/download.php in Kayako Fusion 4.40.1148, and possibly before 4.50.1581, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wiki.kayako.com/display/DOCS/4.50.1581",
"refsource": "MISC",
"url": "http://wiki.kayako.com/display/DOCS/4.50.1581"
},
{
"name": "https://www.htbridge.com/advisory/HTB23095",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23095"
},
{
"name": "55417",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55417"
},
{
"name": "50366",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50366"
},
{
"name": "http://wiki.kayako.com/display/DOCS/4.50.1619",
"refsource": "MISC",
"url": "http://wiki.kayako.com/display/DOCS/4.50.1619"
},
{
"name": "85189",
"refsource": "OSVDB",
"url": "http://osvdb.org/85189"
},
{
"name": "kayakofusion-download-xss(78314)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78314"
},
{
"name": "20120905 Cross-Site Scripting (XSS) in Kayako Fusion",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-09/0022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-3233",
"datePublished": "2012-09-15T17:00:00.000Z",
"dateReserved": "2012-06-06T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:57:50.325Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4872 (GCVE-0-2012-4872)
Vulnerability from nvd – Published: 2012-09-06 21:00 – Updated: 2024-08-06 20:50
VLAI
Summary
Cross-site scripting (XSS) vulnerability in Tickets/Submit in Kayako Fusion before 4.40.985 allows remote attackers to inject arbitrary web script or HTML via certain vectors, possibly a crafted ticket description.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/52625 | vdb-entryx_refsource_BID |
| http://wiki.kayako.com/display/DOCS/4.40.985 | x_refsource_MISC |
| http://st2tea.blogspot.com/2012/03/kayako-fusion-… | x_refsource_MISC |
| http://wiki.kayako.com/display/DOCS/4.40.986 | x_refsource_MISC |
| http://secunia.com/advisories/48462 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2012-03-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:50:17.720Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "52625",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52625"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wiki.kayako.com/display/DOCS/4.40.985"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://st2tea.blogspot.com/2012/03/kayako-fusion-cross-site-scripting.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wiki.kayako.com/display/DOCS/4.40.986"
},
{
"name": "48462",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48462"
},
{
"name": "kayakofusion-submitticket-xss(74143)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74143"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-03-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Tickets/Submit in Kayako Fusion before 4.40.985 allows remote attackers to inject arbitrary web script or HTML via certain vectors, possibly a crafted ticket description."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "52625",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52625"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wiki.kayako.com/display/DOCS/4.40.985"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://st2tea.blogspot.com/2012/03/kayako-fusion-cross-site-scripting.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wiki.kayako.com/display/DOCS/4.40.986"
},
{
"name": "48462",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48462"
},
{
"name": "kayakofusion-submitticket-xss(74143)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74143"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4872",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Tickets/Submit in Kayako Fusion before 4.40.985 allows remote attackers to inject arbitrary web script or HTML via certain vectors, possibly a crafted ticket description."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "52625",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52625"
},
{
"name": "http://wiki.kayako.com/display/DOCS/4.40.985",
"refsource": "MISC",
"url": "http://wiki.kayako.com/display/DOCS/4.40.985"
},
{
"name": "http://st2tea.blogspot.com/2012/03/kayako-fusion-cross-site-scripting.html",
"refsource": "MISC",
"url": "http://st2tea.blogspot.com/2012/03/kayako-fusion-cross-site-scripting.html"
},
{
"name": "http://wiki.kayako.com/display/DOCS/4.40.986",
"refsource": "MISC",
"url": "http://wiki.kayako.com/display/DOCS/4.40.986"
},
{
"name": "48462",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48462"
},
{
"name": "kayakofusion-submitticket-xss(74143)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74143"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-4872",
"datePublished": "2012-09-06T21:00:00.000Z",
"dateReserved": "2012-09-06T00:00:00.000Z",
"dateUpdated": "2024-08-06T20:50:17.720Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2912 (GCVE-0-2010-2912)
Vulnerability from nvd – Published: 2010-07-28 21:00 – Updated: 2024-08-07 02:46
VLAI
Summary
SQL injection vulnerability in index.php in Kayako eSupport 3.70.02 allows remote attackers to execute arbitrary SQL commands via the _a parameter in a downloads action.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.exploit-db.com/exploits/14404 | exploitx_refsource_EXPLOIT-DB |
| http://www.securityfocus.com/bid/41756 | vdb-entryx_refsource_BID |
| http://packetstormsecurity.org/1007-exploits/kaya… | x_refsource_MISC |
Date Public
2010-07-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:46:48.713Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "kayakoesupport-functions-sql-injection(60457)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60457"
},
{
"name": "14404",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/14404"
},
{
"name": "41756",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/41756"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/1007-exploits/kayakoesupport-sql.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-07-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in index.php in Kayako eSupport 3.70.02 allows remote attackers to execute arbitrary SQL commands via the _a parameter in a downloads action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "kayakoesupport-functions-sql-injection(60457)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60457"
},
{
"name": "14404",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/14404"
},
{
"name": "41756",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/41756"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/1007-exploits/kayakoesupport-sql.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2912",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in Kayako eSupport 3.70.02 allows remote attackers to execute arbitrary SQL commands via the _a parameter in a downloads action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "kayakoesupport-functions-sql-injection(60457)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60457"
},
{
"name": "14404",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14404"
},
{
"name": "41756",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41756"
},
{
"name": "http://packetstormsecurity.org/1007-exploits/kayakoesupport-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1007-exploits/kayakoesupport-sql.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-2912",
"datePublished": "2010-07-28T21:00:00.000Z",
"dateReserved": "2010-07-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T02:46:48.713Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2911 (GCVE-0-2010-2911)
Vulnerability from nvd – Published: 2010-07-28 21:00 – Updated: 2024-08-07 02:46
VLAI
Summary
SQL injection vulnerability in index.php in Kayako eSupport 3.70.02 allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a viewnews action.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/41779 | vdb-entryx_refsource_BID |
| http://www.exploit-db.com/exploits/14392 | exploitx_refsource_EXPLOIT-DB |
| http://packetstormsecurity.org/1007-exploits/kaya… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.vupen.com/english/advisories/2010/1843 | vdb-entryx_refsource_VUPEN |
Date Public
2010-07-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:46:48.601Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "41779",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/41779"
},
{
"name": "14392",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/14392"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/1007-exploits/kayakoesupport37002-sql.txt"
},
{
"name": "kayakoesupport-index-sql-injection(60455)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60455"
},
{
"name": "ADV-2010-1843",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1843"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-07-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in index.php in Kayako eSupport 3.70.02 allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a viewnews action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "41779",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/41779"
},
{
"name": "14392",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/14392"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/1007-exploits/kayakoesupport37002-sql.txt"
},
{
"name": "kayakoesupport-index-sql-injection(60455)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60455"
},
{
"name": "ADV-2010-1843",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1843"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2911",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in Kayako eSupport 3.70.02 allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a viewnews action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "41779",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41779"
},
{
"name": "14392",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14392"
},
{
"name": "http://packetstormsecurity.org/1007-exploits/kayakoesupport37002-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1007-exploits/kayakoesupport37002-sql.txt"
},
{
"name": "kayakoesupport-index-sql-injection(60455)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60455"
},
{
"name": "ADV-2010-1843",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1843"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-2911",
"datePublished": "2010-07-28T21:00:00.000Z",
"dateReserved": "2010-07-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T02:46:48.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0460 (GCVE-0-2010-0460)
Vulnerability from nvd – Published: 2010-01-28 20:00 – Updated: 2024-08-07 00:52
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in staff/index.php in Kayako SupportSuite 3.60.04 and earlier allow remote authenticated users to inject arbitrary web script or HTML via the (1) subject parameter and (2) contents parameter (aka body) in an insertquestion action. NOTE: some of these details are obtained from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/509122/100… | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/37947 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/38322 | third-party-advisoryx_refsource_SECUNIA |
| http://packetstormsecurity.org/1001-advisories/ka… | x_refsource_MISC |
| http://osvdb.org/61928 | vdb-entryx_refsource_OSVDB |
Date Public
2010-01-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:52:18.663Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20100121 Kayako SupportSuite Multiple Persistent Cross Site Scripting (Current Versions)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/509122/100/0/threaded"
},
{
"name": "supportsuite-contents-xss(55859)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55859"
},
{
"name": "37947",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37947"
},
{
"name": "38322",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38322"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/1001-advisories/kayako-xss.txt"
},
{
"name": "61928",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/61928"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-01-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in staff/index.php in Kayako SupportSuite 3.60.04 and earlier allow remote authenticated users to inject arbitrary web script or HTML via the (1) subject parameter and (2) contents parameter (aka body) in an insertquestion action. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20100121 Kayako SupportSuite Multiple Persistent Cross Site Scripting (Current Versions)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/509122/100/0/threaded"
},
{
"name": "supportsuite-contents-xss(55859)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55859"
},
{
"name": "37947",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37947"
},
{
"name": "38322",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38322"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/1001-advisories/kayako-xss.txt"
},
{
"name": "61928",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/61928"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0460",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in staff/index.php in Kayako SupportSuite 3.60.04 and earlier allow remote authenticated users to inject arbitrary web script or HTML via the (1) subject parameter and (2) contents parameter (aka body) in an insertquestion action. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100121 Kayako SupportSuite Multiple Persistent Cross Site Scripting (Current Versions)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/509122/100/0/threaded"
},
{
"name": "supportsuite-contents-xss(55859)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55859"
},
{
"name": "37947",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37947"
},
{
"name": "38322",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38322"
},
{
"name": "http://packetstormsecurity.org/1001-advisories/kayako-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1001-advisories/kayako-xss.txt"
},
{
"name": "61928",
"refsource": "OSVDB",
"url": "http://osvdb.org/61928"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0460",
"datePublished": "2010-01-28T20:00:00.000Z",
"dateReserved": "2010-01-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T00:52:18.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3567 (GCVE-0-2009-3567)
Vulnerability from nvd – Published: 2009-10-06 20:19 – Updated: 2024-08-07 06:31
VLAI
Summary
Cross-site scripting (XSS) vulnerability in modules/tickets/functions_ticketsui.php in Kayako SupportSuite and eSupport 3.60.04 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the staff control panel, a different vector than CVE-2007-1145.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/36807 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://osvdb.org/58516 | vdb-entryx_refsource_OSVDB |
| http://blog.kayako.com/2009/09/security-bulletin-… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/36568 | vdb-entryx_refsource_BID |
Date Public
2009-09-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:31:10.448Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36807",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36807"
},
{
"name": "supportsuite-esupport-panel-xss(53558)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53558"
},
{
"name": "58516",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/58516"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.kayako.com/2009/09/security-bulletin-supportsuite-and-esupport/"
},
{
"name": "36568",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36568"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-09-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in modules/tickets/functions_ticketsui.php in Kayako SupportSuite and eSupport 3.60.04 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the staff control panel, a different vector than CVE-2007-1145."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36807",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36807"
},
{
"name": "supportsuite-esupport-panel-xss(53558)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53558"
},
{
"name": "58516",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/58516"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.kayako.com/2009/09/security-bulletin-supportsuite-and-esupport/"
},
{
"name": "36568",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36568"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3567",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in modules/tickets/functions_ticketsui.php in Kayako SupportSuite and eSupport 3.60.04 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the staff control panel, a different vector than CVE-2007-1145."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36807",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36807"
},
{
"name": "supportsuite-esupport-panel-xss(53558)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53558"
},
{
"name": "58516",
"refsource": "OSVDB",
"url": "http://osvdb.org/58516"
},
{
"name": "http://blog.kayako.com/2009/09/security-bulletin-supportsuite-and-esupport/",
"refsource": "CONFIRM",
"url": "http://blog.kayako.com/2009/09/security-bulletin-supportsuite-and-esupport/"
},
{
"name": "36568",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36568"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3567",
"datePublished": "2009-10-06T20:19:00.000Z",
"dateReserved": "2009-10-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T06:31:10.448Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3427 (GCVE-0-2009-3427)
Vulnerability from nvd – Published: 2009-09-25 22:00 – Updated: 2024-08-07 06:31
VLAI
Summary
Cross-site scripting (XSS) vulnerability in Kayako SupportSuite 3.50.06 allows remote attackers to inject arbitrary web script or HTML via the subject field in a ticket.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/505637/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.ngenuity.org/wordpress/2009/08/08/ngen… | x_refsource_MISC |
| http://secunia.com/advisories/36253 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2009-08-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:31:09.185Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20090808 [NGENUITY] - Ticket Subject Persistent XSS in Kayako SupportSuite",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/505637/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ngenuity.org/wordpress/2009/08/08/ngenuity-ticket-subject-persistent-xss-in-kayako-supportsuite/"
},
{
"name": "36253",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36253"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-08-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Kayako SupportSuite 3.50.06 allows remote attackers to inject arbitrary web script or HTML via the subject field in a ticket."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20090808 [NGENUITY] - Ticket Subject Persistent XSS in Kayako SupportSuite",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/505637/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ngenuity.org/wordpress/2009/08/08/ngenuity-ticket-subject-persistent-xss-in-kayako-supportsuite/"
},
{
"name": "36253",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36253"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3427",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Kayako SupportSuite 3.50.06 allows remote attackers to inject arbitrary web script or HTML via the subject field in a ticket."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20090808 [NGENUITY] - Ticket Subject Persistent XSS in Kayako SupportSuite",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/505637/100/0/threaded"
},
{
"name": "http://www.ngenuity.org/wordpress/2009/08/08/ngenuity-ticket-subject-persistent-xss-in-kayako-supportsuite/",
"refsource": "MISC",
"url": "http://www.ngenuity.org/wordpress/2009/08/08/ngenuity-ticket-subject-persistent-xss-in-kayako-supportsuite/"
},
{
"name": "36253",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36253"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3427",
"datePublished": "2009-09-25T22:00:00.000Z",
"dateReserved": "2009-09-25T00:00:00.000Z",
"dateUpdated": "2024-08-07T06:31:09.185Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4761 (GCVE-0-2008-4761)
Vulnerability from nvd – Published: 2008-10-28 00:00 – Updated: 2024-08-07 10:24
VLAI
Summary
Cross-site scripting (XSS) vulnerability in includes/htmlArea/plugins/HtmlTidy/html-tidy-logic.php in Kayako eSupport 3.20.2 allows remote attackers to inject arbitrary web script or HTML via the jsMakeSrc parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this issue is probably in the HTMLArea HTMLTidy (HTML Tidy) plugin, not eSupport.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://downloads.securityfocus.com/vulnerabilitie… | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2008/10/27/6 | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/bid/31908 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2008-10-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:24:21.020Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://downloads.securityfocus.com/vulnerabilities/exploits/31908.html"
},
{
"name": "[oss-security] 20081027 XSS in HTML Tidy plugin used in WYSIWYG HTML editors",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/27/6"
},
{
"name": "31908",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31908"
},
{
"name": "esupport-htmltidylogic-xss(46097)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46097"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in includes/htmlArea/plugins/HtmlTidy/html-tidy-logic.php in Kayako eSupport 3.20.2 allows remote attackers to inject arbitrary web script or HTML via the jsMakeSrc parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this issue is probably in the HTMLArea HTMLTidy (HTML Tidy) plugin, not eSupport."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://downloads.securityfocus.com/vulnerabilities/exploits/31908.html"
},
{
"name": "[oss-security] 20081027 XSS in HTML Tidy plugin used in WYSIWYG HTML editors",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/27/6"
},
{
"name": "31908",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31908"
},
{
"name": "esupport-htmltidylogic-xss(46097)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46097"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4761",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in includes/htmlArea/plugins/HtmlTidy/html-tidy-logic.php in Kayako eSupport 3.20.2 allows remote attackers to inject arbitrary web script or HTML via the jsMakeSrc parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this issue is probably in the HTMLArea HTMLTidy (HTML Tidy) plugin, not eSupport."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.securityfocus.com/vulnerabilities/exploits/31908.html",
"refsource": "MISC",
"url": "http://downloads.securityfocus.com/vulnerabilities/exploits/31908.html"
},
{
"name": "[oss-security] 20081027 XSS in HTML Tidy plugin used in WYSIWYG HTML editors",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/27/6"
},
{
"name": "31908",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31908"
},
{
"name": "esupport-htmltidylogic-xss(46097)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46097"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4761",
"datePublished": "2008-10-28T00:00:00.000Z",
"dateReserved": "2008-10-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:24:21.020Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3701 (GCVE-0-2008-3701)
Vulnerability from nvd – Published: 2008-08-15 20:06 – Updated: 2024-08-07 09:45
VLAI
Summary
SQL injection vulnerability in staff/index.php in Kayako SupportSuite 3.20.02 and earlier allows remote authenticated users to execute arbitrary SQL commands via the customfieldlinkid parameter in a delcflink action.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.gulftech.org/?node=research&article_id… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://osvdb.org/47616 | vdb-entryx_refsource_OSVDB |
| http://forums.kayako.com/f3/3-30-00-stable-releas… | x_refsource_MISC |
| http://secunia.com/advisories/31431 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/30642 | vdb-entryx_refsource_BID |
Date Public
2008-08-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:45:19.244Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00123-08092008"
},
{
"name": "kayako-customfieldlinkid-sql-injection(44384)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44384"
},
{
"name": "47616",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/47616"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://forums.kayako.com/f3/3-30-00-stable-released-18304/"
},
{
"name": "31431",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31431"
},
{
"name": "30642",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30642"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in staff/index.php in Kayako SupportSuite 3.20.02 and earlier allows remote authenticated users to execute arbitrary SQL commands via the customfieldlinkid parameter in a delcflink action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00123-08092008"
},
{
"name": "kayako-customfieldlinkid-sql-injection(44384)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44384"
},
{
"name": "47616",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/47616"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://forums.kayako.com/f3/3-30-00-stable-released-18304/"
},
{
"name": "31431",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31431"
},
{
"name": "30642",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30642"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3701",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in staff/index.php in Kayako SupportSuite 3.20.02 and earlier allows remote authenticated users to execute arbitrary SQL commands via the customfieldlinkid parameter in a delcflink action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.gulftech.org/?node=research\u0026article_id=00123-08092008",
"refsource": "MISC",
"url": "http://www.gulftech.org/?node=research\u0026article_id=00123-08092008"
},
{
"name": "kayako-customfieldlinkid-sql-injection(44384)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44384"
},
{
"name": "47616",
"refsource": "OSVDB",
"url": "http://osvdb.org/47616"
},
{
"name": "http://forums.kayako.com/f3/3-30-00-stable-released-18304/",
"refsource": "MISC",
"url": "http://forums.kayako.com/f3/3-30-00-stable-released-18304/"
},
{
"name": "31431",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31431"
},
{
"name": "30642",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30642"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3701",
"datePublished": "2008-08-15T20:06:00.000Z",
"dateReserved": "2008-08-15T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:45:19.244Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3700 (GCVE-0-2008-3700)
Vulnerability from nvd – Published: 2008-08-15 20:06 – Updated: 2024-08-07 09:45
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite 3.20.02 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the sessionid parameter in a livesupport startclientchat action to visitor/index.php; (2) the filter parameter in a news view action to index.php; or the Full Name field in a (3) account creation, (4) ticket opening, or (5) chat request operation.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.gulftech.org/?node=research&article_id… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://osvdb.org/47615 | vdb-entryx_refsource_OSVDB |
| http://forums.kayako.com/f3/3-30-00-stable-releas… | x_refsource_MISC |
| http://osvdb.org/47614 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://osvdb.org/47613 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/31431 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/30642 | vdb-entryx_refsource_BID |
Date Public
2008-08-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:45:19.248Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00123-08092008"
},
{
"name": "kayako-sessionid-xss(44382)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44382"
},
{
"name": "47615",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/47615"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://forums.kayako.com/f3/3-30-00-stable-released-18304/"
},
{
"name": "47614",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/47614"
},
{
"name": "kayako-fullname-xss(44383)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44383"
},
{
"name": "47613",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/47613"
},
{
"name": "31431",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31431"
},
{
"name": "30642",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30642"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite 3.20.02 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the sessionid parameter in a livesupport startclientchat action to visitor/index.php; (2) the filter parameter in a news view action to index.php; or the Full Name field in a (3) account creation, (4) ticket opening, or (5) chat request operation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00123-08092008"
},
{
"name": "kayako-sessionid-xss(44382)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44382"
},
{
"name": "47615",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/47615"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://forums.kayako.com/f3/3-30-00-stable-released-18304/"
},
{
"name": "47614",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/47614"
},
{
"name": "kayako-fullname-xss(44383)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44383"
},
{
"name": "47613",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/47613"
},
{
"name": "31431",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31431"
},
{
"name": "30642",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30642"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3700",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite 3.20.02 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the sessionid parameter in a livesupport startclientchat action to visitor/index.php; (2) the filter parameter in a news view action to index.php; or the Full Name field in a (3) account creation, (4) ticket opening, or (5) chat request operation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.gulftech.org/?node=research\u0026article_id=00123-08092008",
"refsource": "MISC",
"url": "http://www.gulftech.org/?node=research\u0026article_id=00123-08092008"
},
{
"name": "kayako-sessionid-xss(44382)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44382"
},
{
"name": "47615",
"refsource": "OSVDB",
"url": "http://osvdb.org/47615"
},
{
"name": "http://forums.kayako.com/f3/3-30-00-stable-released-18304/",
"refsource": "MISC",
"url": "http://forums.kayako.com/f3/3-30-00-stable-released-18304/"
},
{
"name": "47614",
"refsource": "OSVDB",
"url": "http://osvdb.org/47614"
},
{
"name": "kayako-fullname-xss(44383)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44383"
},
{
"name": "47613",
"refsource": "OSVDB",
"url": "http://osvdb.org/47613"
},
{
"name": "31431",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31431"
},
{
"name": "30642",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30642"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3700",
"datePublished": "2008-08-15T20:06:00.000Z",
"dateReserved": "2008-08-15T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:45:19.248Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0395 (GCVE-0-2008-0395)
Vulnerability from nvd – Published: 2008-01-23 11:00 – Updated: 2024-08-07 07:46
VLAI
Summary
Kayako SupportSuite 3.11.01 allows remote attackers to obtain server configuration information via a direct request to syncml/index.php, which prints the contents of the $_SERVER superglobal.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/28613 | third-party-advisoryx_refsource_SECUNIA |
| http://www.waraxe.us/advisory-63.html | x_refsource_MISC |
| http://securityreason.com/securityalert/3573 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/archive/1/486762/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2008-01-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:46:54.718Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28613",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28613"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.waraxe.us/advisory-63.html"
},
{
"name": "3573",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3573"
},
{
"name": "20080121 [waraxe-2008-SA#063] - Information Leakage in Kayako SupportSuite 3.11.01",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/486762/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Kayako SupportSuite 3.11.01 allows remote attackers to obtain server configuration information via a direct request to syncml/index.php, which prints the contents of the $_SERVER superglobal."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28613",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28613"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.waraxe.us/advisory-63.html"
},
{
"name": "3573",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3573"
},
{
"name": "20080121 [waraxe-2008-SA#063] - Information Leakage in Kayako SupportSuite 3.11.01",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/486762/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0395",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kayako SupportSuite 3.11.01 allows remote attackers to obtain server configuration information via a direct request to syncml/index.php, which prints the contents of the $_SERVER superglobal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28613",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28613"
},
{
"name": "http://www.waraxe.us/advisory-63.html",
"refsource": "MISC",
"url": "http://www.waraxe.us/advisory-63.html"
},
{
"name": "3573",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3573"
},
{
"name": "20080121 [waraxe-2008-SA#063] - Information Leakage in Kayako SupportSuite 3.11.01",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/486762/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0395",
"datePublished": "2008-01-23T11:00:00.000Z",
"dateReserved": "2008-01-22T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:46:54.718Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2562 (GCVE-0-2007-2562)
Vulnerability from nvd – Published: 2007-05-09 18:00 – Updated: 2024-08-07 13:42
VLAI
Summary
Cross-site scripting (XSS) vulnerability in index.php in Kayako eSupport 3.00.90 allows remote attackers to inject arbitrary web script or HTML via the _m parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/467832/100… | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://securityreason.com/securityalert/2684 | third-party-advisoryx_refsource_SREASON |
| http://osvdb.org/36166 | vdb-entryx_refsource_OSVDB |
Date Public
2007-05-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:42:33.444Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070507 Kayako eSupport v3.00.90 Cross Site Scripting (XSS)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/467832/100/0/threaded"
},
{
"name": "kayako-esupport-index-xss(34144)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34144"
},
{
"name": "2684",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2684"
},
{
"name": "36166",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36166"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in index.php in Kayako eSupport 3.00.90 allows remote attackers to inject arbitrary web script or HTML via the _m parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070507 Kayako eSupport v3.00.90 Cross Site Scripting (XSS)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/467832/100/0/threaded"
},
{
"name": "kayako-esupport-index-xss(34144)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34144"
},
{
"name": "2684",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2684"
},
{
"name": "36166",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36166"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2562",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in Kayako eSupport 3.00.90 allows remote attackers to inject arbitrary web script or HTML via the _m parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070507 Kayako eSupport v3.00.90 Cross Site Scripting (XSS)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/467832/100/0/threaded"
},
{
"name": "kayako-esupport-index-xss(34144)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34144"
},
{
"name": "2684",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2684"
},
{
"name": "36166",
"refsource": "OSVDB",
"url": "http://osvdb.org/36166"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2562",
"datePublished": "2007-05-09T18:00:00.000Z",
"dateReserved": "2007-05-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:42:33.444Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1145 (GCVE-0-2007-1145)
Vulnerability from nvd – Published: 2007-02-27 18:00 – Updated: 2024-08-07 12:43
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite - ESupport 3.00.13 and 3.04.10 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a (1) lostpassword or (2) register action in index.php, (3) unspecified vectors in the Submit form in a submit action in index.php, and (4) the user's name in index.php; and (5) allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the Admin and Staff Control Panel. NOTE: this might issue overlap CVE-2004-1412, CVE-2005-0487, or CVE-2005-0842.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/2335 | third-party-advisoryx_refsource_SREASON |
| http://secunia.com/advisories/24223 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/22631 | vdb-entryx_refsource_BID |
| http://osvdb.org/33536 | vdb-entryx_refsource_OSVDB |
| http://www.vupen.com/english/advisories/2007/0717 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/archive/1/460591/100… | mailing-listx_refsource_BUGTRAQ |
| http://osvdb.org/33535 | vdb-entryx_refsource_OSVDB |
Date Public
2007-02-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:43:22.551Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "2335",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2335"
},
{
"name": "24223",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24223"
},
{
"name": "22631",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22631"
},
{
"name": "33536",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33536"
},
{
"name": "ADV-2007-0717",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0717"
},
{
"name": "20070219 ESupport Multiple HTML Injection Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/460591/100/0/threaded"
},
{
"name": "33535",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33535"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite - ESupport 3.00.13 and 3.04.10 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a (1) lostpassword or (2) register action in index.php, (3) unspecified vectors in the Submit form in a submit action in index.php, and (4) the user\u0027s name in index.php; and (5) allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the Admin and Staff Control Panel. NOTE: this might issue overlap CVE-2004-1412, CVE-2005-0487, or CVE-2005-0842."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "2335",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2335"
},
{
"name": "24223",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24223"
},
{
"name": "22631",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22631"
},
{
"name": "33536",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33536"
},
{
"name": "ADV-2007-0717",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0717"
},
{
"name": "20070219 ESupport Multiple HTML Injection Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/460591/100/0/threaded"
},
{
"name": "33535",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33535"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1145",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite - ESupport 3.00.13 and 3.04.10 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a (1) lostpassword or (2) register action in index.php, (3) unspecified vectors in the Submit form in a submit action in index.php, and (4) the user\u0027s name in index.php; and (5) allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the Admin and Staff Control Panel. NOTE: this might issue overlap CVE-2004-1412, CVE-2005-0487, or CVE-2005-0842."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2335",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2335"
},
{
"name": "24223",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24223"
},
{
"name": "22631",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22631"
},
{
"name": "33536",
"refsource": "OSVDB",
"url": "http://osvdb.org/33536"
},
{
"name": "ADV-2007-0717",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0717"
},
{
"name": "20070219 ESupport Multiple HTML Injection Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/460591/100/0/threaded"
},
{
"name": "33535",
"refsource": "OSVDB",
"url": "http://osvdb.org/33535"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1145",
"datePublished": "2007-02-27T18:00:00.000Z",
"dateReserved": "2007-02-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T12:43:22.551Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5825 (GCVE-0-2006-5825)
Vulnerability from nvd – Published: 2006-11-10 01:00 – Updated: 2024-08-07 20:04
VLAI
Summary
Cross-site scripting (XSS) vulnerability in index.php in Kayako SupportSuite 3.00.32 allows remote attackers to inject arbitrary web script or HTML via the query string.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/20954 | vdb-entryx_refsource_BID |
| http://builds.kayako.net/ | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/450829/100… | mailing-listx_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/1838 | third-party-advisoryx_refsource_SREASON |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2006-11-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:04:55.591Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20954",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20954"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://builds.kayako.net/"
},
{
"name": "20061107 XSS in Kayako SupportSuite v3.00.32",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/450829/100/0/threaded"
},
{
"name": "1838",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1838"
},
{
"name": "kayako-support-index-xss(30095)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30095"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in index.php in Kayako SupportSuite 3.00.32 allows remote attackers to inject arbitrary web script or HTML via the query string."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20954",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20954"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://builds.kayako.net/"
},
{
"name": "20061107 XSS in Kayako SupportSuite v3.00.32",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/450829/100/0/threaded"
},
{
"name": "1838",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1838"
},
{
"name": "kayako-support-index-xss(30095)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30095"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5825",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in Kayako SupportSuite 3.00.32 allows remote attackers to inject arbitrary web script or HTML via the query string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20954",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20954"
},
{
"name": "http://builds.kayako.net/",
"refsource": "MISC",
"url": "http://builds.kayako.net/"
},
{
"name": "20061107 XSS in Kayako SupportSuite v3.00.32",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/450829/100/0/threaded"
},
{
"name": "1838",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1838"
},
{
"name": "kayako-support-index-xss(30095)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30095"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5825",
"datePublished": "2006-11-10T01:00:00.000Z",
"dateReserved": "2006-11-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T20:04:55.591Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-35913 (GCVE-0-2022-35913)
Vulnerability from cvelistv5 – Published: 2022-09-06 21:01 – Updated: 2024-08-03 09:44
VLAI
Summary
Samourai Wallet Stonewallx2 0.99.98e allows a denial of service via a P2P coinjoin. The attacker and victim must follow each other's paynym. Then, the victim must try to collaborate with the attacker for a Stonewallx2 transaction. Next, the attacker broadcasts a tx, spending the inputs used in Stonewallx2 before the victim can broadcast the collaborative transaction. The attacker does not signal opt in RBF, and uses the lowest fee rate. This would result in the victim being unable to perform Stonewallx2. (Note that the attacker could use multiple paynyms.)
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://lists.linuxfoundation.org/pipermail/bitco… | x_refsource_MISC |
| https://lists.linuxfoundation.org/pipermail/bitco… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:44:22.159Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-June/020595.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-July/020737.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Samourai Wallet Stonewallx2 0.99.98e allows a denial of service via a P2P coinjoin. The attacker and victim must follow each other\u0027s paynym. Then, the victim must try to collaborate with the attacker for a Stonewallx2 transaction. Next, the attacker broadcasts a tx, spending the inputs used in Stonewallx2 before the victim can broadcast the collaborative transaction. The attacker does not signal opt in RBF, and uses the lowest fee rate. This would result in the victim being unable to perform Stonewallx2. (Note that the attacker could use multiple paynyms.)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-09-06T21:01:43.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-June/020595.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-July/020737.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-35913",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Samourai Wallet Stonewallx2 0.99.98e allows a denial of service via a P2P coinjoin. The attacker and victim must follow each other\u0027s paynym. Then, the victim must try to collaborate with the attacker for a Stonewallx2 transaction. Next, the attacker broadcasts a tx, spending the inputs used in Stonewallx2 before the victim can broadcast the collaborative transaction. The attacker does not signal opt in RBF, and uses the lowest fee rate. This would result in the victim being unable to perform Stonewallx2. (Note that the attacker could use multiple paynyms.)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-June/020595.html",
"refsource": "MISC",
"url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-June/020595.html"
},
{
"name": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-July/020737.html",
"refsource": "MISC",
"url": "https://lists.linuxfoundation.org/pipermail/bitcoin-dev/2022-July/020737.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-35913",
"datePublished": "2022-09-06T21:01:43.000Z",
"dateReserved": "2022-07-15T00:00:00.000Z",
"dateUpdated": "2024-08-03T09:44:22.159Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3233 (GCVE-0-2012-3233)
Vulnerability from cvelistv5 – Published: 2012-09-15 17:00 – Updated: 2024-08-06 19:57
VLAI
Summary
Cross-site scripting (XSS) vulnerability in __swift/thirdparty/PHPExcel/PHPExcel/Shared/JAMA/docs/download.php in Kayako Fusion 4.40.1148, and possibly before 4.50.1581, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://wiki.kayako.com/display/DOCS/4.50.1581 | x_refsource_MISC |
| https://www.htbridge.com/advisory/HTB23095 | x_refsource_MISC |
| http://www.securityfocus.com/bid/55417 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/50366 | third-party-advisoryx_refsource_SECUNIA |
| http://wiki.kayako.com/display/DOCS/4.50.1619 | x_refsource_MISC |
| http://osvdb.org/85189 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
Date Public
2012-09-05 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:57:50.325Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wiki.kayako.com/display/DOCS/4.50.1581"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.htbridge.com/advisory/HTB23095"
},
{
"name": "55417",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55417"
},
{
"name": "50366",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50366"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wiki.kayako.com/display/DOCS/4.50.1619"
},
{
"name": "85189",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/85189"
},
{
"name": "kayakofusion-download-xss(78314)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78314"
},
{
"name": "20120905 Cross-Site Scripting (XSS) in Kayako Fusion",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-09/0022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-09-05T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in __swift/thirdparty/PHPExcel/PHPExcel/Shared/JAMA/docs/download.php in Kayako Fusion 4.40.1148, and possibly before 4.50.1581, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wiki.kayako.com/display/DOCS/4.50.1581"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.htbridge.com/advisory/HTB23095"
},
{
"name": "55417",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55417"
},
{
"name": "50366",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50366"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wiki.kayako.com/display/DOCS/4.50.1619"
},
{
"name": "85189",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/85189"
},
{
"name": "kayakofusion-download-xss(78314)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78314"
},
{
"name": "20120905 Cross-Site Scripting (XSS) in Kayako Fusion",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-09/0022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3233",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in __swift/thirdparty/PHPExcel/PHPExcel/Shared/JAMA/docs/download.php in Kayako Fusion 4.40.1148, and possibly before 4.50.1581, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wiki.kayako.com/display/DOCS/4.50.1581",
"refsource": "MISC",
"url": "http://wiki.kayako.com/display/DOCS/4.50.1581"
},
{
"name": "https://www.htbridge.com/advisory/HTB23095",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23095"
},
{
"name": "55417",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55417"
},
{
"name": "50366",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50366"
},
{
"name": "http://wiki.kayako.com/display/DOCS/4.50.1619",
"refsource": "MISC",
"url": "http://wiki.kayako.com/display/DOCS/4.50.1619"
},
{
"name": "85189",
"refsource": "OSVDB",
"url": "http://osvdb.org/85189"
},
{
"name": "kayakofusion-download-xss(78314)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78314"
},
{
"name": "20120905 Cross-Site Scripting (XSS) in Kayako Fusion",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-09/0022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-3233",
"datePublished": "2012-09-15T17:00:00.000Z",
"dateReserved": "2012-06-06T00:00:00.000Z",
"dateUpdated": "2024-08-06T19:57:50.325Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4872 (GCVE-0-2012-4872)
Vulnerability from cvelistv5 – Published: 2012-09-06 21:00 – Updated: 2024-08-06 20:50
VLAI
Summary
Cross-site scripting (XSS) vulnerability in Tickets/Submit in Kayako Fusion before 4.40.985 allows remote attackers to inject arbitrary web script or HTML via certain vectors, possibly a crafted ticket description.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/52625 | vdb-entryx_refsource_BID |
| http://wiki.kayako.com/display/DOCS/4.40.985 | x_refsource_MISC |
| http://st2tea.blogspot.com/2012/03/kayako-fusion-… | x_refsource_MISC |
| http://wiki.kayako.com/display/DOCS/4.40.986 | x_refsource_MISC |
| http://secunia.com/advisories/48462 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2012-03-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:50:17.720Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "52625",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/52625"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wiki.kayako.com/display/DOCS/4.40.985"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://st2tea.blogspot.com/2012/03/kayako-fusion-cross-site-scripting.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wiki.kayako.com/display/DOCS/4.40.986"
},
{
"name": "48462",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48462"
},
{
"name": "kayakofusion-submitticket-xss(74143)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74143"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-03-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Tickets/Submit in Kayako Fusion before 4.40.985 allows remote attackers to inject arbitrary web script or HTML via certain vectors, possibly a crafted ticket description."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "52625",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/52625"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wiki.kayako.com/display/DOCS/4.40.985"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://st2tea.blogspot.com/2012/03/kayako-fusion-cross-site-scripting.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wiki.kayako.com/display/DOCS/4.40.986"
},
{
"name": "48462",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48462"
},
{
"name": "kayakofusion-submitticket-xss(74143)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74143"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4872",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Tickets/Submit in Kayako Fusion before 4.40.985 allows remote attackers to inject arbitrary web script or HTML via certain vectors, possibly a crafted ticket description."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "52625",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52625"
},
{
"name": "http://wiki.kayako.com/display/DOCS/4.40.985",
"refsource": "MISC",
"url": "http://wiki.kayako.com/display/DOCS/4.40.985"
},
{
"name": "http://st2tea.blogspot.com/2012/03/kayako-fusion-cross-site-scripting.html",
"refsource": "MISC",
"url": "http://st2tea.blogspot.com/2012/03/kayako-fusion-cross-site-scripting.html"
},
{
"name": "http://wiki.kayako.com/display/DOCS/4.40.986",
"refsource": "MISC",
"url": "http://wiki.kayako.com/display/DOCS/4.40.986"
},
{
"name": "48462",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48462"
},
{
"name": "kayakofusion-submitticket-xss(74143)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74143"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-4872",
"datePublished": "2012-09-06T21:00:00.000Z",
"dateReserved": "2012-09-06T00:00:00.000Z",
"dateUpdated": "2024-08-06T20:50:17.720Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2912 (GCVE-0-2010-2912)
Vulnerability from cvelistv5 – Published: 2010-07-28 21:00 – Updated: 2024-08-07 02:46
VLAI
Summary
SQL injection vulnerability in index.php in Kayako eSupport 3.70.02 allows remote attackers to execute arbitrary SQL commands via the _a parameter in a downloads action.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.exploit-db.com/exploits/14404 | exploitx_refsource_EXPLOIT-DB |
| http://www.securityfocus.com/bid/41756 | vdb-entryx_refsource_BID |
| http://packetstormsecurity.org/1007-exploits/kaya… | x_refsource_MISC |
Date Public
2010-07-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:46:48.713Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "kayakoesupport-functions-sql-injection(60457)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60457"
},
{
"name": "14404",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/14404"
},
{
"name": "41756",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/41756"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/1007-exploits/kayakoesupport-sql.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-07-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in index.php in Kayako eSupport 3.70.02 allows remote attackers to execute arbitrary SQL commands via the _a parameter in a downloads action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "kayakoesupport-functions-sql-injection(60457)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60457"
},
{
"name": "14404",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/14404"
},
{
"name": "41756",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/41756"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/1007-exploits/kayakoesupport-sql.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2912",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in Kayako eSupport 3.70.02 allows remote attackers to execute arbitrary SQL commands via the _a parameter in a downloads action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "kayakoesupport-functions-sql-injection(60457)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60457"
},
{
"name": "14404",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14404"
},
{
"name": "41756",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41756"
},
{
"name": "http://packetstormsecurity.org/1007-exploits/kayakoesupport-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1007-exploits/kayakoesupport-sql.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-2912",
"datePublished": "2010-07-28T21:00:00.000Z",
"dateReserved": "2010-07-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T02:46:48.713Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-2911 (GCVE-0-2010-2911)
Vulnerability from cvelistv5 – Published: 2010-07-28 21:00 – Updated: 2024-08-07 02:46
VLAI
Summary
SQL injection vulnerability in index.php in Kayako eSupport 3.70.02 allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a viewnews action.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/41779 | vdb-entryx_refsource_BID |
| http://www.exploit-db.com/exploits/14392 | exploitx_refsource_EXPLOIT-DB |
| http://packetstormsecurity.org/1007-exploits/kaya… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.vupen.com/english/advisories/2010/1843 | vdb-entryx_refsource_VUPEN |
Date Public
2010-07-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T02:46:48.601Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "41779",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/41779"
},
{
"name": "14392",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/14392"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/1007-exploits/kayakoesupport37002-sql.txt"
},
{
"name": "kayakoesupport-index-sql-injection(60455)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60455"
},
{
"name": "ADV-2010-1843",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/1843"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-07-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in index.php in Kayako eSupport 3.70.02 allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a viewnews action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "41779",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/41779"
},
{
"name": "14392",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/14392"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/1007-exploits/kayakoesupport37002-sql.txt"
},
{
"name": "kayakoesupport-index-sql-injection(60455)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60455"
},
{
"name": "ADV-2010-1843",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/1843"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-2911",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in Kayako eSupport 3.70.02 allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a viewnews action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "41779",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41779"
},
{
"name": "14392",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/14392"
},
{
"name": "http://packetstormsecurity.org/1007-exploits/kayakoesupport37002-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1007-exploits/kayakoesupport37002-sql.txt"
},
{
"name": "kayakoesupport-index-sql-injection(60455)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60455"
},
{
"name": "ADV-2010-1843",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1843"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-2911",
"datePublished": "2010-07-28T21:00:00.000Z",
"dateReserved": "2010-07-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T02:46:48.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0460 (GCVE-0-2010-0460)
Vulnerability from cvelistv5 – Published: 2010-01-28 20:00 – Updated: 2024-08-07 00:52
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in staff/index.php in Kayako SupportSuite 3.60.04 and earlier allow remote authenticated users to inject arbitrary web script or HTML via the (1) subject parameter and (2) contents parameter (aka body) in an insertquestion action. NOTE: some of these details are obtained from third party information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/509122/100… | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/37947 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/38322 | third-party-advisoryx_refsource_SECUNIA |
| http://packetstormsecurity.org/1001-advisories/ka… | x_refsource_MISC |
| http://osvdb.org/61928 | vdb-entryx_refsource_OSVDB |
Date Public
2010-01-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:52:18.663Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20100121 Kayako SupportSuite Multiple Persistent Cross Site Scripting (Current Versions)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/509122/100/0/threaded"
},
{
"name": "supportsuite-contents-xss(55859)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55859"
},
{
"name": "37947",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/37947"
},
{
"name": "38322",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38322"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.org/1001-advisories/kayako-xss.txt"
},
{
"name": "61928",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/61928"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-01-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in staff/index.php in Kayako SupportSuite 3.60.04 and earlier allow remote authenticated users to inject arbitrary web script or HTML via the (1) subject parameter and (2) contents parameter (aka body) in an insertquestion action. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20100121 Kayako SupportSuite Multiple Persistent Cross Site Scripting (Current Versions)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/509122/100/0/threaded"
},
{
"name": "supportsuite-contents-xss(55859)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55859"
},
{
"name": "37947",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/37947"
},
{
"name": "38322",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38322"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.org/1001-advisories/kayako-xss.txt"
},
{
"name": "61928",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/61928"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-0460",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in staff/index.php in Kayako SupportSuite 3.60.04 and earlier allow remote authenticated users to inject arbitrary web script or HTML via the (1) subject parameter and (2) contents parameter (aka body) in an insertquestion action. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100121 Kayako SupportSuite Multiple Persistent Cross Site Scripting (Current Versions)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/509122/100/0/threaded"
},
{
"name": "supportsuite-contents-xss(55859)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55859"
},
{
"name": "37947",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37947"
},
{
"name": "38322",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38322"
},
{
"name": "http://packetstormsecurity.org/1001-advisories/kayako-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/1001-advisories/kayako-xss.txt"
},
{
"name": "61928",
"refsource": "OSVDB",
"url": "http://osvdb.org/61928"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-0460",
"datePublished": "2010-01-28T20:00:00.000Z",
"dateReserved": "2010-01-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T00:52:18.663Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3567 (GCVE-0-2009-3567)
Vulnerability from cvelistv5 – Published: 2009-10-06 20:19 – Updated: 2024-08-07 06:31
VLAI
Summary
Cross-site scripting (XSS) vulnerability in modules/tickets/functions_ticketsui.php in Kayako SupportSuite and eSupport 3.60.04 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the staff control panel, a different vector than CVE-2007-1145.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/36807 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://osvdb.org/58516 | vdb-entryx_refsource_OSVDB |
| http://blog.kayako.com/2009/09/security-bulletin-… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/36568 | vdb-entryx_refsource_BID |
Date Public
2009-09-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:31:10.448Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36807",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36807"
},
{
"name": "supportsuite-esupport-panel-xss(53558)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53558"
},
{
"name": "58516",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/58516"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://blog.kayako.com/2009/09/security-bulletin-supportsuite-and-esupport/"
},
{
"name": "36568",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/36568"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-09-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in modules/tickets/functions_ticketsui.php in Kayako SupportSuite and eSupport 3.60.04 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the staff control panel, a different vector than CVE-2007-1145."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36807",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36807"
},
{
"name": "supportsuite-esupport-panel-xss(53558)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53558"
},
{
"name": "58516",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/58516"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://blog.kayako.com/2009/09/security-bulletin-supportsuite-and-esupport/"
},
{
"name": "36568",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/36568"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3567",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in modules/tickets/functions_ticketsui.php in Kayako SupportSuite and eSupport 3.60.04 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the staff control panel, a different vector than CVE-2007-1145."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36807",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36807"
},
{
"name": "supportsuite-esupport-panel-xss(53558)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53558"
},
{
"name": "58516",
"refsource": "OSVDB",
"url": "http://osvdb.org/58516"
},
{
"name": "http://blog.kayako.com/2009/09/security-bulletin-supportsuite-and-esupport/",
"refsource": "CONFIRM",
"url": "http://blog.kayako.com/2009/09/security-bulletin-supportsuite-and-esupport/"
},
{
"name": "36568",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36568"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3567",
"datePublished": "2009-10-06T20:19:00.000Z",
"dateReserved": "2009-10-06T00:00:00.000Z",
"dateUpdated": "2024-08-07T06:31:10.448Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-3427 (GCVE-0-2009-3427)
Vulnerability from cvelistv5 – Published: 2009-09-25 22:00 – Updated: 2024-08-07 06:31
VLAI
Summary
Cross-site scripting (XSS) vulnerability in Kayako SupportSuite 3.50.06 allows remote attackers to inject arbitrary web script or HTML via the subject field in a ticket.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/505637/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.ngenuity.org/wordpress/2009/08/08/ngen… | x_refsource_MISC |
| http://secunia.com/advisories/36253 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2009-08-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T06:31:09.185Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20090808 [NGENUITY] - Ticket Subject Persistent XSS in Kayako SupportSuite",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/505637/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ngenuity.org/wordpress/2009/08/08/ngenuity-ticket-subject-persistent-xss-in-kayako-supportsuite/"
},
{
"name": "36253",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/36253"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-08-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Kayako SupportSuite 3.50.06 allows remote attackers to inject arbitrary web script or HTML via the subject field in a ticket."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20090808 [NGENUITY] - Ticket Subject Persistent XSS in Kayako SupportSuite",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/505637/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ngenuity.org/wordpress/2009/08/08/ngenuity-ticket-subject-persistent-xss-in-kayako-supportsuite/"
},
{
"name": "36253",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/36253"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3427",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Kayako SupportSuite 3.50.06 allows remote attackers to inject arbitrary web script or HTML via the subject field in a ticket."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20090808 [NGENUITY] - Ticket Subject Persistent XSS in Kayako SupportSuite",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/505637/100/0/threaded"
},
{
"name": "http://www.ngenuity.org/wordpress/2009/08/08/ngenuity-ticket-subject-persistent-xss-in-kayako-supportsuite/",
"refsource": "MISC",
"url": "http://www.ngenuity.org/wordpress/2009/08/08/ngenuity-ticket-subject-persistent-xss-in-kayako-supportsuite/"
},
{
"name": "36253",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36253"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-3427",
"datePublished": "2009-09-25T22:00:00.000Z",
"dateReserved": "2009-09-25T00:00:00.000Z",
"dateUpdated": "2024-08-07T06:31:09.185Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4761 (GCVE-0-2008-4761)
Vulnerability from cvelistv5 – Published: 2008-10-28 00:00 – Updated: 2024-08-07 10:24
VLAI
Summary
Cross-site scripting (XSS) vulnerability in includes/htmlArea/plugins/HtmlTidy/html-tidy-logic.php in Kayako eSupport 3.20.2 allows remote attackers to inject arbitrary web script or HTML via the jsMakeSrc parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this issue is probably in the HTMLArea HTMLTidy (HTML Tidy) plugin, not eSupport.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://downloads.securityfocus.com/vulnerabilitie… | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2008/10/27/6 | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/bid/31908 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2008-10-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:24:21.020Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://downloads.securityfocus.com/vulnerabilities/exploits/31908.html"
},
{
"name": "[oss-security] 20081027 XSS in HTML Tidy plugin used in WYSIWYG HTML editors",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/27/6"
},
{
"name": "31908",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31908"
},
{
"name": "esupport-htmltidylogic-xss(46097)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46097"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in includes/htmlArea/plugins/HtmlTidy/html-tidy-logic.php in Kayako eSupport 3.20.2 allows remote attackers to inject arbitrary web script or HTML via the jsMakeSrc parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this issue is probably in the HTMLArea HTMLTidy (HTML Tidy) plugin, not eSupport."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://downloads.securityfocus.com/vulnerabilities/exploits/31908.html"
},
{
"name": "[oss-security] 20081027 XSS in HTML Tidy plugin used in WYSIWYG HTML editors",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/10/27/6"
},
{
"name": "31908",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31908"
},
{
"name": "esupport-htmltidylogic-xss(46097)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46097"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4761",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in includes/htmlArea/plugins/HtmlTidy/html-tidy-logic.php in Kayako eSupport 3.20.2 allows remote attackers to inject arbitrary web script or HTML via the jsMakeSrc parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this issue is probably in the HTMLArea HTMLTidy (HTML Tidy) plugin, not eSupport."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://downloads.securityfocus.com/vulnerabilities/exploits/31908.html",
"refsource": "MISC",
"url": "http://downloads.securityfocus.com/vulnerabilities/exploits/31908.html"
},
{
"name": "[oss-security] 20081027 XSS in HTML Tidy plugin used in WYSIWYG HTML editors",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/27/6"
},
{
"name": "31908",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31908"
},
{
"name": "esupport-htmltidylogic-xss(46097)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46097"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4761",
"datePublished": "2008-10-28T00:00:00.000Z",
"dateReserved": "2008-10-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:24:21.020Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3701 (GCVE-0-2008-3701)
Vulnerability from cvelistv5 – Published: 2008-08-15 20:06 – Updated: 2024-08-07 09:45
VLAI
Summary
SQL injection vulnerability in staff/index.php in Kayako SupportSuite 3.20.02 and earlier allows remote authenticated users to execute arbitrary SQL commands via the customfieldlinkid parameter in a delcflink action.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.gulftech.org/?node=research&article_id… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://osvdb.org/47616 | vdb-entryx_refsource_OSVDB |
| http://forums.kayako.com/f3/3-30-00-stable-releas… | x_refsource_MISC |
| http://secunia.com/advisories/31431 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/30642 | vdb-entryx_refsource_BID |
Date Public
2008-08-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:45:19.244Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00123-08092008"
},
{
"name": "kayako-customfieldlinkid-sql-injection(44384)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44384"
},
{
"name": "47616",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/47616"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://forums.kayako.com/f3/3-30-00-stable-released-18304/"
},
{
"name": "31431",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31431"
},
{
"name": "30642",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30642"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in staff/index.php in Kayako SupportSuite 3.20.02 and earlier allows remote authenticated users to execute arbitrary SQL commands via the customfieldlinkid parameter in a delcflink action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00123-08092008"
},
{
"name": "kayako-customfieldlinkid-sql-injection(44384)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44384"
},
{
"name": "47616",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/47616"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://forums.kayako.com/f3/3-30-00-stable-released-18304/"
},
{
"name": "31431",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31431"
},
{
"name": "30642",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30642"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3701",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in staff/index.php in Kayako SupportSuite 3.20.02 and earlier allows remote authenticated users to execute arbitrary SQL commands via the customfieldlinkid parameter in a delcflink action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.gulftech.org/?node=research\u0026article_id=00123-08092008",
"refsource": "MISC",
"url": "http://www.gulftech.org/?node=research\u0026article_id=00123-08092008"
},
{
"name": "kayako-customfieldlinkid-sql-injection(44384)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44384"
},
{
"name": "47616",
"refsource": "OSVDB",
"url": "http://osvdb.org/47616"
},
{
"name": "http://forums.kayako.com/f3/3-30-00-stable-released-18304/",
"refsource": "MISC",
"url": "http://forums.kayako.com/f3/3-30-00-stable-released-18304/"
},
{
"name": "31431",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31431"
},
{
"name": "30642",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30642"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3701",
"datePublished": "2008-08-15T20:06:00.000Z",
"dateReserved": "2008-08-15T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:45:19.244Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3700 (GCVE-0-2008-3700)
Vulnerability from cvelistv5 – Published: 2008-08-15 20:06 – Updated: 2024-08-07 09:45
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite 3.20.02 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the sessionid parameter in a livesupport startclientchat action to visitor/index.php; (2) the filter parameter in a news view action to index.php; or the Full Name field in a (3) account creation, (4) ticket opening, or (5) chat request operation.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.gulftech.org/?node=research&article_id… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://osvdb.org/47615 | vdb-entryx_refsource_OSVDB |
| http://forums.kayako.com/f3/3-30-00-stable-releas… | x_refsource_MISC |
| http://osvdb.org/47614 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://osvdb.org/47613 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/31431 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/30642 | vdb-entryx_refsource_BID |
Date Public
2008-08-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:45:19.248Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00123-08092008"
},
{
"name": "kayako-sessionid-xss(44382)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44382"
},
{
"name": "47615",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/47615"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://forums.kayako.com/f3/3-30-00-stable-released-18304/"
},
{
"name": "47614",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/47614"
},
{
"name": "kayako-fullname-xss(44383)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44383"
},
{
"name": "47613",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/47613"
},
{
"name": "31431",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31431"
},
{
"name": "30642",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30642"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite 3.20.02 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the sessionid parameter in a livesupport startclientchat action to visitor/index.php; (2) the filter parameter in a news view action to index.php; or the Full Name field in a (3) account creation, (4) ticket opening, or (5) chat request operation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gulftech.org/?node=research\u0026article_id=00123-08092008"
},
{
"name": "kayako-sessionid-xss(44382)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44382"
},
{
"name": "47615",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/47615"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://forums.kayako.com/f3/3-30-00-stable-released-18304/"
},
{
"name": "47614",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/47614"
},
{
"name": "kayako-fullname-xss(44383)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44383"
},
{
"name": "47613",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/47613"
},
{
"name": "31431",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31431"
},
{
"name": "30642",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30642"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3700",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite 3.20.02 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the sessionid parameter in a livesupport startclientchat action to visitor/index.php; (2) the filter parameter in a news view action to index.php; or the Full Name field in a (3) account creation, (4) ticket opening, or (5) chat request operation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.gulftech.org/?node=research\u0026article_id=00123-08092008",
"refsource": "MISC",
"url": "http://www.gulftech.org/?node=research\u0026article_id=00123-08092008"
},
{
"name": "kayako-sessionid-xss(44382)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44382"
},
{
"name": "47615",
"refsource": "OSVDB",
"url": "http://osvdb.org/47615"
},
{
"name": "http://forums.kayako.com/f3/3-30-00-stable-released-18304/",
"refsource": "MISC",
"url": "http://forums.kayako.com/f3/3-30-00-stable-released-18304/"
},
{
"name": "47614",
"refsource": "OSVDB",
"url": "http://osvdb.org/47614"
},
{
"name": "kayako-fullname-xss(44383)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44383"
},
{
"name": "47613",
"refsource": "OSVDB",
"url": "http://osvdb.org/47613"
},
{
"name": "31431",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31431"
},
{
"name": "30642",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30642"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3700",
"datePublished": "2008-08-15T20:06:00.000Z",
"dateReserved": "2008-08-15T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:45:19.248Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0395 (GCVE-0-2008-0395)
Vulnerability from cvelistv5 – Published: 2008-01-23 11:00 – Updated: 2024-08-07 07:46
VLAI
Summary
Kayako SupportSuite 3.11.01 allows remote attackers to obtain server configuration information via a direct request to syncml/index.php, which prints the contents of the $_SERVER superglobal.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/28613 | third-party-advisoryx_refsource_SECUNIA |
| http://www.waraxe.us/advisory-63.html | x_refsource_MISC |
| http://securityreason.com/securityalert/3573 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/archive/1/486762/100… | mailing-listx_refsource_BUGTRAQ |
Date Public
2008-01-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:46:54.718Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28613",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28613"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.waraxe.us/advisory-63.html"
},
{
"name": "3573",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3573"
},
{
"name": "20080121 [waraxe-2008-SA#063] - Information Leakage in Kayako SupportSuite 3.11.01",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/486762/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-01-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Kayako SupportSuite 3.11.01 allows remote attackers to obtain server configuration information via a direct request to syncml/index.php, which prints the contents of the $_SERVER superglobal."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28613",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28613"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.waraxe.us/advisory-63.html"
},
{
"name": "3573",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3573"
},
{
"name": "20080121 [waraxe-2008-SA#063] - Information Leakage in Kayako SupportSuite 3.11.01",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/486762/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0395",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kayako SupportSuite 3.11.01 allows remote attackers to obtain server configuration information via a direct request to syncml/index.php, which prints the contents of the $_SERVER superglobal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28613",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28613"
},
{
"name": "http://www.waraxe.us/advisory-63.html",
"refsource": "MISC",
"url": "http://www.waraxe.us/advisory-63.html"
},
{
"name": "3573",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3573"
},
{
"name": "20080121 [waraxe-2008-SA#063] - Information Leakage in Kayako SupportSuite 3.11.01",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/486762/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0395",
"datePublished": "2008-01-23T11:00:00.000Z",
"dateReserved": "2008-01-22T00:00:00.000Z",
"dateUpdated": "2024-08-07T07:46:54.718Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2562 (GCVE-0-2007-2562)
Vulnerability from cvelistv5 – Published: 2007-05-09 18:00 – Updated: 2024-08-07 13:42
VLAI
Summary
Cross-site scripting (XSS) vulnerability in index.php in Kayako eSupport 3.00.90 allows remote attackers to inject arbitrary web script or HTML via the _m parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/467832/100… | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://securityreason.com/securityalert/2684 | third-party-advisoryx_refsource_SREASON |
| http://osvdb.org/36166 | vdb-entryx_refsource_OSVDB |
Date Public
2007-05-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:42:33.444Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070507 Kayako eSupport v3.00.90 Cross Site Scripting (XSS)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/467832/100/0/threaded"
},
{
"name": "kayako-esupport-index-xss(34144)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34144"
},
{
"name": "2684",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2684"
},
{
"name": "36166",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36166"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in index.php in Kayako eSupport 3.00.90 allows remote attackers to inject arbitrary web script or HTML via the _m parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070507 Kayako eSupport v3.00.90 Cross Site Scripting (XSS)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/467832/100/0/threaded"
},
{
"name": "kayako-esupport-index-xss(34144)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34144"
},
{
"name": "2684",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2684"
},
{
"name": "36166",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36166"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2562",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in Kayako eSupport 3.00.90 allows remote attackers to inject arbitrary web script or HTML via the _m parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070507 Kayako eSupport v3.00.90 Cross Site Scripting (XSS)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/467832/100/0/threaded"
},
{
"name": "kayako-esupport-index-xss(34144)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34144"
},
{
"name": "2684",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2684"
},
{
"name": "36166",
"refsource": "OSVDB",
"url": "http://osvdb.org/36166"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2562",
"datePublished": "2007-05-09T18:00:00.000Z",
"dateReserved": "2007-05-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T13:42:33.444Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1145 (GCVE-0-2007-1145)
Vulnerability from cvelistv5 – Published: 2007-02-27 18:00 – Updated: 2024-08-07 12:43
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite - ESupport 3.00.13 and 3.04.10 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a (1) lostpassword or (2) register action in index.php, (3) unspecified vectors in the Submit form in a submit action in index.php, and (4) the user's name in index.php; and (5) allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the Admin and Staff Control Panel. NOTE: this might issue overlap CVE-2004-1412, CVE-2005-0487, or CVE-2005-0842.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/2335 | third-party-advisoryx_refsource_SREASON |
| http://secunia.com/advisories/24223 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/22631 | vdb-entryx_refsource_BID |
| http://osvdb.org/33536 | vdb-entryx_refsource_OSVDB |
| http://www.vupen.com/english/advisories/2007/0717 | vdb-entryx_refsource_VUPEN |
| http://www.securityfocus.com/archive/1/460591/100… | mailing-listx_refsource_BUGTRAQ |
| http://osvdb.org/33535 | vdb-entryx_refsource_OSVDB |
Date Public
2007-02-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:43:22.551Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "2335",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2335"
},
{
"name": "24223",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24223"
},
{
"name": "22631",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22631"
},
{
"name": "33536",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33536"
},
{
"name": "ADV-2007-0717",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0717"
},
{
"name": "20070219 ESupport Multiple HTML Injection Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/460591/100/0/threaded"
},
{
"name": "33535",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33535"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite - ESupport 3.00.13 and 3.04.10 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a (1) lostpassword or (2) register action in index.php, (3) unspecified vectors in the Submit form in a submit action in index.php, and (4) the user\u0027s name in index.php; and (5) allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the Admin and Staff Control Panel. NOTE: this might issue overlap CVE-2004-1412, CVE-2005-0487, or CVE-2005-0842."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "2335",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2335"
},
{
"name": "24223",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24223"
},
{
"name": "22631",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22631"
},
{
"name": "33536",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33536"
},
{
"name": "ADV-2007-0717",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0717"
},
{
"name": "20070219 ESupport Multiple HTML Injection Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/460591/100/0/threaded"
},
{
"name": "33535",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33535"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1145",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite - ESupport 3.00.13 and 3.04.10 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a (1) lostpassword or (2) register action in index.php, (3) unspecified vectors in the Submit form in a submit action in index.php, and (4) the user\u0027s name in index.php; and (5) allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the Admin and Staff Control Panel. NOTE: this might issue overlap CVE-2004-1412, CVE-2005-0487, or CVE-2005-0842."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2335",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2335"
},
{
"name": "24223",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24223"
},
{
"name": "22631",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22631"
},
{
"name": "33536",
"refsource": "OSVDB",
"url": "http://osvdb.org/33536"
},
{
"name": "ADV-2007-0717",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0717"
},
{
"name": "20070219 ESupport Multiple HTML Injection Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/460591/100/0/threaded"
},
{
"name": "33535",
"refsource": "OSVDB",
"url": "http://osvdb.org/33535"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1145",
"datePublished": "2007-02-27T18:00:00.000Z",
"dateReserved": "2007-02-27T00:00:00.000Z",
"dateUpdated": "2024-08-07T12:43:22.551Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5825 (GCVE-0-2006-5825)
Vulnerability from cvelistv5 – Published: 2006-11-10 01:00 – Updated: 2024-08-07 20:04
VLAI
Summary
Cross-site scripting (XSS) vulnerability in index.php in Kayako SupportSuite 3.00.32 allows remote attackers to inject arbitrary web script or HTML via the query string.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/20954 | vdb-entryx_refsource_BID |
| http://builds.kayako.net/ | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/450829/100… | mailing-listx_refsource_BUGTRAQ |
| http://securityreason.com/securityalert/1838 | third-party-advisoryx_refsource_SREASON |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2006-11-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:04:55.591Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20954",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20954"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://builds.kayako.net/"
},
{
"name": "20061107 XSS in Kayako SupportSuite v3.00.32",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/450829/100/0/threaded"
},
{
"name": "1838",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1838"
},
{
"name": "kayako-support-index-xss(30095)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30095"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in index.php in Kayako SupportSuite 3.00.32 allows remote attackers to inject arbitrary web script or HTML via the query string."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20954",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20954"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://builds.kayako.net/"
},
{
"name": "20061107 XSS in Kayako SupportSuite v3.00.32",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/450829/100/0/threaded"
},
{
"name": "1838",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1838"
},
{
"name": "kayako-support-index-xss(30095)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30095"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5825",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in Kayako SupportSuite 3.00.32 allows remote attackers to inject arbitrary web script or HTML via the query string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20954",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20954"
},
{
"name": "http://builds.kayako.net/",
"refsource": "MISC",
"url": "http://builds.kayako.net/"
},
{
"name": "20061107 XSS in Kayako SupportSuite v3.00.32",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/450829/100/0/threaded"
},
{
"name": "1838",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1838"
},
{
"name": "kayako-support-index-xss(30095)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30095"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5825",
"datePublished": "2006-11-10T01:00:00.000Z",
"dateReserved": "2006-11-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T20:04:55.591Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}