https://www.exploit-db.com/exploits/25037
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-248

KayakoeSupport2.x版本中的index.php存在跨站脚本(XSS)漏洞。远程攻击者可以借助searchm参数注入任意web脚本。

source: http://www.securityfocus.com/bid/12037/info

Kayako eSupport is prone to multiple input validation vulnerabilities. One cross-site scripting and six SQL injection vulnerabilities.

These issues may collectively threaten compromise of software and database security properties. Possible attacks include theft of cookie-based authentication credentials, exposure or modification of database information, and a potential for attacks against the underlying database implementation. 

http://www.example.com/index.php?_a=knowledgebase&_j=search&searchm=[CODEGOESHERE]

来源:XF
名称:kayako-index-xss(18571)
链接:http://xforce.iss.net/xforce/xfdb/18571
来源:BID
名称:12037
链接:http://www.securityfocus.com/bid/12037
来源:www.gulftech.org
链接:http://www.gulftech.org/?node=research&article;_id=00056-12182004
来源:BUGTRAQ
名称:20041218MultipleVulnerabilitiesInKayakoeSupportv2.x
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=110352428607171&w;=2