CVE-2004-1412 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2004-1412

CWE

https://cwe.mitre.org/data/definitions/NVD-Other.html

Cross-site scripting (XSS) vulnerability in index.php in Kayako eSupport 2.x allows remote attackers to inject arbitrary web script or HTML via the searchm parameter.

Affected Software

Name	Vendor	Start Version	End Version
Esupport	Kayako	2.1.2 (including)	2.1.2 (including)
Esupport	Kayako	2.1.8 (including)	2.1.8 (including)
Esupport	Kayako	2.2 (including)	2.2 (including)
Esupport	Kayako	2.2.5 (including)	2.2.5 (including)
Esupport	Kayako	2.3 (including)	2.3 (including)

References

http://marc.info/?l=bugtraq\u0026m=110352428607171\u0026w=2
http://www.gulftech.org/?node=research\u0026article_id=00056-12182004
http://www.securityfocus.com/bid/12037
https://exchange.xforce.ibmcloud.com/vulnerabilities/18571