CVE-2005-4637

N/A Unknown

Published: December 31, 2005 Modified: April 16, 2026

Description

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Kayako SupportSuite 3.00.26 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) nav parameter in the downloads module, (2) Full Name and (3) Email fields in the core module, (4) Full Name, (5) Email, and (6) Subject fields in the tickets module, or (7) Registered Email field in the lostpassword feature in the core module.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://pridels0.blogspot.com/2005/12/kayako-supportsuite-multiple-vuln.html

Source: cve@mitre.org

http://www.osvdb.org/22224

Source: cve@mitre.org

http://www.osvdb.org/22225

Source: cve@mitre.org

http://www.securityfocus.com/bid/16094

Source: cve@mitre.org

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/23916

Source: cve@mitre.org

http://pridels0.blogspot.com/2005/12/kayako-supportsuite-multiple-vuln.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/22224

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/22225

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/16094

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/23916

Source: af854a3a-2127-422b-91ae-364da2661108

10 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

4.0%

89th percentile

Exploitation Status

Not in CISA KEV

Affected Vendors

kayako