CVE-2012-3233

Kayako Fusion <4.50.1581 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in __swift/thirdparty/PHPExcel/PHPExcel/Shared/JAMA/docs/download.php in Kayako Fusion 4.40.1148, and possibly before 4.50.1581, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

Exploits (1)

exploitdb WORKING POC VERIFIED

by High-Tech Bridge · textwebappsphp

https://www.exploit-db.com/exploits/37698

View Code ZIP pw:eip

References (8)

[Exploit] http://archives.neohapsis.com/archives/bugtraq/2012-09/0022.html

[Exploit] http://osvdb.org/85189

[Vendor Advisory] http://secunia.com/advisories/50366

[Exploit] https://www.htbridge.com/advisory/HTB23095

[Third Party Advisory] http://wiki.kayako.com/display/DOCS/4.50.1581

[Third Party Advisory] http://wiki.kayako.com/display/DOCS/4.50.1619

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/55417

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/78314

Scores

EPSS 0.0110

EPSS Percentile 77.8%

Classification

CWE

CWE-79

Status published

Affected Products (2)

kayako/fusion

n/a/n/a

Timeline

Published Sep 15, 2012

Tracked Since Feb 18, 2026