CVE-2005-0842
published 2005-05-02CVE-2005-0842: Cross-site scripting (XSS) vulnerability in index.php in Kayako eSupport 2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) _i or…
PriorityP417medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EXPLOIT
EPSS
2.63%
83.6th percentile
Cross-site scripting (XSS) vulnerability in index.php in Kayako eSupport 2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) _i or (2) _c parameter.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| kayako | esupport | — | — |
| kayako | esupport | — | — |
| kayako | esupport | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-vm66-xcq3-qvjh: Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite - ESupport 3
ghsa_unreviewed·2022-05-01·CVSS 4.3
CVE-2007-1145 [MEDIUM] CWE-79 GHSA-vm66-xcq3-qvjh: Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite - ESupport 3
Multiple cross-site scripting (XSS) vulnerabilities in Kayako SupportSuite - ESupport 3.00.13 and 3.04.10 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a (1) lostpassword or (2) register action in index.php, (3) unspecified vectors in the Submit form in a submit action in index.php, and (4) the user's name in index.php; and (5) allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to the Admin and Staff Control Panel. NOTE: this might issue overlap CVE-2004-1412, CVE-2005-0487, or CVE-2005-0842.
GHSA
GHSA-r73v-h6f2-chp7: Cross-site scripting (XSS) vulnerability in index
ghsa_unreviewed·2022-05-01
CVE-2005-0842 [MEDIUM] GHSA-r73v-h6f2-chp7: Cross-site scripting (XSS) vulnerability in index
Cross-site scripting (XSS) vulnerability in index.php in Kayako eSupport 2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) _i or (2) _c parameter.
No detection rules found.
No writeups or analysis indexed.
2005-05-02
Published