Unrated severityNVD Advisory· Published Jan 28, 2010· Updated Apr 29, 2026

CVE-2010-0460

Description

Multiple cross-site scripting (XSS) vulnerabilities in staff/index.php in Kayako SupportSuite 3.60.04 and earlier allow remote authenticated users to inject arbitrary web script or HTML via the (1) subject parameter and (2) contents parameter (aka body) in an insertquestion action. NOTE: some of these details are obtained from third party information.

Affected products

Kayako/Esupport
cpe:2.3:a:kayako:esupport:*:*:*:*:*:*:*:*
Range: <=3.60.04
Kayako/Supportsuite11 versions
cpe:2.3:a:kayako:supportsuite:3.0:*:*:*:*:*:*:*+ 10 more
- cpe:2.3:a:kayako:supportsuite:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:kayako:supportsuite:3.00.26:*:*:*:*:*:*:*
- cpe:2.3:a:kayako:supportsuite:3.00.32:*:*:*:*:*:*:*
- cpe:2.3:a:kayako:supportsuite:3.10.00:*:*:*:*:*:*:*
- cpe:2.3:a:kayako:supportsuite:3.10.02:*:*:*:*:*:*:*
- cpe:2.3:a:kayako:supportsuite:3.11.00:*:*:*:*:*:*:*
- cpe:2.3:a:kayako:supportsuite:3.11.01:*:*:*:*:*:*:*
- cpe:2.3:a:kayako:supportsuite:3.20.02:*:*:*:*:*:*:*
- cpe:2.3:a:kayako:supportsuite:3.30:rc2:*:*:*:*:*:*
- cpe:2.3:a:kayako:supportsuite:3.30:rc3:*:*:*:*:*:*
- cpe:2.3:a:kayako:supportsuite:3.50.06:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

packetstormsecurity.org/1001-advisories/kayako-xss.txtnvdExploit
secunia.com/advisories/38322nvdVendor Advisory
osvdb.org/61928nvd
www.securityfocus.com/archive/1/509122/100/0/threadednvd
www.securityfocus.com/bid/37947nvd
exchange.xforce.ibmcloud.com/vulnerabilities/55859nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000