Administrator
eSupport v2.3.1 Stable Released - (XSS Vulnerability Fix)
12-25-2004, 11:24 PM
Kayako eSupport XSS Vulnerability
==============================
A security vulnerability has been discovered in all eSupport versions prior to v2.3. The vulnerability allows a person to execute JavaScript on a client's computer to retrieve the ticket key. This vulnerability can be exploited only if the client opens a URL posted by the attacker.
Please download the build from Members Area only after you see v2.3.1 as version number. The files are still being committed as we are sending this announcement. If you have any questions please email support AT kayako.com. You can also directly contact me at varun AT kayako.com or over IM (Details listed in Profile). We would like to thank James from GulfTech for discovering these vulnerabilities.
Upgrading from v2.3 to v2.3.1 Stable
=============================================
* IMPORTANT! Backup BOTH your Database (mysqldump) and your Files before proceeding.
* Replace all your existing files with the new ones in upload_zend/upload_ioncube directory
* REMOVE admin/setup.php
* Make sure BOTH your config.php AND key.php are in admin/ directory after you have replaced the files
Upgrading from v2.2.5 to v2.3.1 Stable
=============================================
* IMPORTANT! Backup BOTH your Database (mysqldump) and your Files before proceeding.
* Replace all your existing files with the new ones in upload_zend/upload_ioncube directory
* REMOVE admin/setup.php
* Make sure BOTH your config.php AND key.php are in admin/ directory after you have replaced the files
Upgrading from v2.2 to v2.3.1 Stable
=============================================
* IMPORTANT! Backup BOTH your Database (mysqldump) and your Files before proceeding.
* Replace all your existing files with the new ones in upload_zend/upload_ioncube directory
* REMOVE admin/setup.php
* Make sure BOTH your config.php AND key.php are in admin/ directory after you have replaced the files
* Upload the file "upgrade_v2.2_to_v2.3.php" from your upgrade/ directory over to admin/ directory and run it from your web browser
* Follow the steps, it should finish without any issues.
* Delete "upgrade_v2.2_to_v2.3.php" from your admin/ directory
Upgrading from v2.1.x to v2.3.1 Stable
=============================================
* IMPORTANT! Backup BOTH your Database (mysqldump) and your Files before proceeding.
* Replace all your existing files with the new ones in upload_zend/upload_ioncube directory
* REMOVE admin/setup.php
* Make sure BOTH your config.php AND key.php are in admin/ directory after you have replaced the files
* Upload the file "upgrade_v2.1.x_to_v2.3.php" from your upgrade/ directory over to admin/ directory and run it from your web browser
* Follow the steps, it should finish without any issues.
* Delete "upgrade_v1.x_to_v2.3.php" from your admin/ directory
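
The file-state checks from the upgrade steps above, as an added shell example that is not part of the original announcement or Kayako's own code. The install-root argument and the `upgrade_*.php` glob are assumptions chosen to cover the file names listed in the steps.

```shell
#!/bin/sh
# Added example (not Kayako code): verify the file state the upgrade steps
# call for. Prints one line per finding and returns the number of findings
# (0 = clean, 255 = admin/ directory not found).
check_esupport_upgrade() {
    root=$1        # assumption: path to the eSupport install root
    findings=0

    if [ ! -d "$root/admin" ]; then
        echo "ERROR: $root/admin not found" >&2
        return 255
    fi

    # "REMOVE admin/setup.php": the installer must not stay on the server.
    if [ -e "$root/admin/setup.php" ]; then
        echo "FINDING: admin/setup.php still present"
        findings=$((findings + 1))
    fi

    # Upgrade scripts are copied into admin/ only for the upgrade run and
    # must be deleted afterwards. The glob is an assumption that catches
    # any upgrade_*.php name, whichever upgrade path was followed.
    for f in "$root"/admin/upgrade_*.php; do
        [ -e "$f" ] || continue
        echo "FINDING: leftover upgrade script admin/${f##*/}"
        findings=$((findings + 1))
    done

    # Both config.php and key.php must be in admin/ after the files
    # have been replaced.
    for name in config.php key.php; do
        if [ ! -f "$root/admin/$name" ]; then
            echo "FINDING: admin/$name missing"
            findings=$((findings + 1))
        fi
    done

    return "$findings"
}

# Run directly as: sh check.sh /path/to/esupport
if [ "$#" -gt 0 ]; then
    check_esupport_upgrade "$1"
fi
```

A non-zero exit status is the number of findings, so the script can gate a deployment step or run from cron after each upgrade.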