Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.3
CVE Id: CVE-2012-3233
Last Modified: 17 Sep 2012 12:00:00
Published: 15 Sep 2012 01:55:05
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2012-3233

Summary

Cross-site scripting (XSS) vulnerability in __swift/thirdparty/PHPExcel/PHPExcel/Shared/JAMA/docs/download.php in Kayako Fusion 4.40.1148, and possibly before 4.50.1581, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

Vulnerable Systems

Application

  • Kayako Fusion 4.40.1148


References

MISC - https://www.htbridge.com/advisory/HTB23095

XF - kayakofusion-download-xss(78314)

BID - 55417

MISC - http://wiki.kayako.com/display/DOCS/4.50.1619

MISC - http://wiki.kayako.com/display/DOCS/4.50.1581

SECUNIA - 50366

OSVDB - 85189

BUGTRAQ - 20120905 Cross-Site Scripting (XSS) in Kayako Fusion


Last Updated: 27 May 2016 11:00:42