

Important Kayako security bulletin - SupportSuite and eSupport patch issued




Posted by Jamie Edwards, 10-04-2009, 10:02 AM
A recent discovery of a potentially exploitable XSS (cross-site scripting) vulnerability inside of the staff control panel means that we have had to release an out-of-cycle patch to our customers.

Who this applies to

All customers running SupportSuite or eSupport 3.60.04 or earlier need to apply this patch as soon as possible.

About the flaw

The flaw can only be exploited by fully authenticated staff users. However, with cross-site scripting, an attacker could trick your staff users into clicking a legitimate looking link which triggers the exploit and could leak information such as your staff user’s session data and cookie data.

Instructions and patch

The patch simply involves replacing one file in your support desk installation. For more information, see: http://blog.kayako.com/2009/09/secur...-and-esupport/


