Lucene search

K
cve[email protected]CVE-2012-3233
HistorySep 15, 2012 - 5:55 p.m.

CVE-2012-3233

2012-09-1517:55:05
CWE-79
web.nvd.nist.gov
30
cve-2012-3233
cross-site scripting
xss
kayako fusion
phpexcel
jama
nvd

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.039 Low

EPSS

Percentile

92.0%

Cross-site scripting (XSS) vulnerability in __swift/thirdparty/PHPExcel/PHPExcel/Shared/JAMA/docs/download.php in Kayako Fusion 4.40.1148, and possibly before 4.50.1581, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

Affected configurations

NVD
Node
kayakofusionMatch4.40.1148
CPENameOperatorVersion
kayako:fusionkayako fusioneq4.40.1148

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.039 Low

EPSS

Percentile

92.0%