CVE-2012-4872

Kayako Fusion <4.40.985 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in Tickets/Submit in Kayako Fusion before 4.40.985 allows remote attackers to inject arbitrary web script or HTML via certain vectors, possibly a crafted ticket description.

References (6)

[Vendor Advisory] http://secunia.com/advisories/48462

[Various Sources] http://st2tea.blogspot.com/2012/03/kayako-fusion-cross-site-scripting.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/52625

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/74143

[Third Party Advisory] http://wiki.kayako.com/display/DOCS/4.40.985

[Third Party Advisory] http://wiki.kayako.com/display/DOCS/4.40.986

Scores

EPSS 0.0047

EPSS Percentile 64.5%

Classification

CWE

CWE-79

Status published

Affected Products (2)

kayako/kayako_fusion < 4.40.959

n/a/n/a

Timeline

Published Sep 06, 2012

Tracked Since Feb 18, 2026