Knowledgebase

Portal Home > Knowledgebase > Industry Announcements > Web Hosting Main Forums > Web Hosting Industry Announcements > Important Kayako security bulletin - SupportSuite and eSupport patch issued

Important Kayako security bulletin - SupportSuite and eSupport patch issued

Posted by Jamie Edwards, 10-04-2009, 10:02 AM

A recent discovery of a potentially exploitable XSS (cross-site scripting) vulnerability inside of the staff control panel means that we have had to release an out-of-cycle patch to our customers. Who this applies to All customers running SupportSuite or eSupport 3.60.04 or earlier need to apply this patch as soon as possible. About the flaw The flaw can only be exploited by fully authenticated staff users. However, with cross-site scripting, an attacker could trick your staff users into clicking a legitimate looking link which triggers the exploit and could leak information such as your staff user’s session data and cookie data. Instructions and patch The patch simply involves replacing one file in your support desk installation. For more information, see: http://blog.kayako.com/2009/09/secur...-and-esupport/

---

Add to Favourites    Print this Article

Viper-Host.Net - expands to Tokyo (Views: 1262)

Hosting Speed improvements with the Lipra(tm) Process (Views: 1239)

New 500k sq ft datacenter facility to open in February in NJ! (Views: 1266)

Teenage CEO of Voxxit breaks first $100,000 in revenue (Views: 1252)

Installatron Adds Converter for Fantastico, Application Vault, Announces Free Edition (Views: 1280)