Lucene search

[email protected]CVE-2012-3233

HistorySep 15, 2012 - 5:55 p.m.

CVE-2012-3233

2012-09-1517:55:05

CWE-79

[email protected]

web.nvd.nist.gov

cve-2012-3233

cross-site scripting

xss

kayako fusion

phpexcel

jama

nvd

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.039 Low

EPSS

Percentile

92.0%

JSON

Cross-site scripting (XSS) vulnerability in __swift/thirdparty/PHPExcel/PHPExcel/Shared/JAMA/docs/download.php in Kayako Fusion 4.40.1148, and possibly before 4.50.1581, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

Affected configurations

NVD

Node

kayakofusionMatch4.40.1148

CPENameOperatorVersion
kayako:fusionkayako fusioneq4.40.1148

CPE	Name	Operator	Version
kayako:fusion	kayako fusion	eq	4.40.1148

References

archives.neohapsis.com/archives/bugtraq/2012-09/0022.html

osvdb.org/85189

secunia.com/advisories/50366

wiki.kayako.com/display/DOCS/4.50.1581

wiki.kayako.com/display/DOCS/4.50.1619

www.securityfocus.com/bid/55417

exchange.xforce.ibmcloud.com/vulnerabilities/78314

www.htbridge.com/advisory/HTB23095

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.039 Low

EPSS

Percentile

92.0%

JSON

Related for CVE-2012-3233

prion1 nvd1 securityvulns2 cvelist1 packetstorm1 htbridge1