In fact, the vulnerability in Kayako had already been discovered by another security researcher. But Sony found that the vulnerability in Kayako Fusion left some high-profile sites, including the AVG Singapore and Comodo websites, vulnerable.
He found XSS in ticket submission. Unfortunately, the XSS is a persistent one. When he put his XSS code in all the fields and submitted the ticket, the injected code was stored in the database. Opening the submitted ticket executes the injected JavaScript code.
The Comodo website uses SupportSuite v3.70.02 and AVG Singapore uses the Fusion app. Both applications were found to be vulnerable to this attack.
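The persistent XSS in ticket submission described above comes down to stored field values being written into the ticket view as markup. The following is an added example, not Kayako's code: the ticket field names, the sample record and the function names are all constructed for illustration. It shows the unsafe render beside one that HTML-encodes every stored field, plus a check that flags stored tickets containing markup characters for review.

```javascript
// Constructed ticket record, as it would be read back from the database.
// Field names are hypothetical; the markup in them is a harmless test string.
const storedTicket = {
  subject: 'Login problem <script>alert(1)</script>',
  fullname: '"><img src=x onerror=alert(1)>',
  email: 'user@example.test',
  message: 'Cannot log in since Monday. <b>urgent</b>',
};

// Vulnerable pattern: stored values are concatenated into the page as HTML,
// so anything submitted in a field runs when staff open the ticket.
function renderTicketUnsafe(t) {
  return `<h1>${t.subject}</h1>` +
    `<p class="from">${t.fullname} (${t.email})</p>` +
    `<div class="body">${t.message}</div>`;
}

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode the five characters that can change HTML element or attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Hardened pattern: every field is encoded at output time, with no exceptions,
// because the report says all ticket fields accepted the injected code.
function renderTicketSafe(t) {
  const e = Object.fromEntries(
    Object.entries(t).map(([k, v]) => [k, escapeHtml(v)])
  );
  return `<h1>${e.subject}</h1>` +
    `<p class="from">${e.fullname} (${e.email})</p>` +
    `<div class="body">${e.message}</div>`;
}

// Review aid for tickets already in the database: list fields holding
// angle brackets so they can be inspected before anyone opens the ticket.
function fieldsWithMarkup(t) {
  return Object.keys(t).filter((k) => /[<>]/.test(String(t[k])));
}

console.log(renderTicketSafe(storedTicket));
console.log('fields to review:', fieldsWithMarkup(storedTicket));
```

Encoding at output time also neutralises payloads that were stored before the fix, which input filtering alone would not.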