A recent discovery of a potentially exploitable XSS (cross-site scripting) vulnerability inside of the staff control panel means that we have had to release an out-of-cycle patch to our customers.

Who this applies to
All customers running SupportSuite or eSupport 3.60.04 or earlier need to apply this patch as soon as possible.

About the flaw
The flaw can only be exploited by fully authenticated staff users. However, with cross-site scripting, an attacker could trick your staff users into clicking a legitimate looking link which triggers the exploit and could leak information such as your staff user’s session data and cookie data.

Instructions and patch
The patch simply involves replacing one file in your support desk installation. For more information, see: http://blog.kayako.com/2009/09/secur...-and-esupport/