nGenuity


Ticket Subject Persistent XSS in Kayako SupportSuite

“SupportSuite is [Kayako’s] flagship product, integrating the ticket and e-mail management features of eSupport with the live chat and visitor monitoring features of LiveResponse.” The subject field of a newly created support ticket is not properly encoded before being sent to the browser when the ticket details are viewed.


Blind SQL Injection in playfoursquare.com

I stumbled upon a fun little SQL injection in playfoursquare the other day. I notified them but have not heard back, but it appears it has been addressed, so here are the details.