CVE-2005-0487

Cross-site scripting (XSS) vulnerability in index.php for Kayako ESupport 2.3.1, and possibly other versions, allows remote attackers to inject arbitrary HTML and web script via the nav parameter.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://marc.info/?l=full-disclosure&m=110845724029888&w=2
http://www.securityfocus.com/bid/12563	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/18571
http://marc.info/?l=full-disclosure&m=110845724029888&w=2
http://www.securityfocus.com/bid/12563	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/18571

Configurations

Configuration 1 (hide)

cpe:2.3:a:kayako:esupport:2.3.1:*:*:*:*:*:*:*

History

20 Nov 2024, 23:55

Type	Values Removed	Values Added
References	~~() http://marc.info/?l=full-disclosure&m=110845724029888&w=2 -~~	() http://marc.info/?l=full-disclosure&m=110845724029888&w=2 -
References	~~() http://www.securityfocus.com/bid/12563 - Vendor Advisory~~	() http://www.securityfocus.com/bid/12563 - Vendor Advisory
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/18571 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/18571 -

Information

Published : 2005-03-30 05:00

Updated : 2024-11-20 23:55

NVD link : CVE-2005-0487

Mitre link : CVE-2005-0487

CVE.ORG link : CVE-2005-0487

JSON object : View

Products Affected

kayako

esupport

CWE

NVD-CWE-Other

{"id": "CVE-2005-0487", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2005-03-30T05:00:00.000", "references": [{"url": "http://marc.info/?l=full-disclosure&m=110845724029888&w=2", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/12563", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18571", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=full-disclosure&m=110845724029888&w=2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/12563", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18571", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in index.php for Kayako ESupport 2.3.1, and possibly other versions, allows remote attackers to inject arbitrary HTML and web script via the nav parameter."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados en index.php para Kayako ESupport 2.3.1 y posiblemete otras versiones, permite a atacantes remotos la inyecci\u00f3n de HTML arbitrario y scripts web, mediante el par\u00e1metro nav."}], "lastModified": "2024-11-20T23:55:14.830", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:kayako:esupport:2.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "207C5C3A-27FF-4EDA-B435-2316492CE84A"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}