High-Tech Bridge SA Security Research Lab has discovered a vulnerability in Kayako Fusion, which can be exploited to perform Cross-Site Scripting (XSS) attacks.
- Cross-Site Scripting (XSS) in Kayako Fusion: CVE-2012-3233
Input appended to the URL after /__swift/thirdparty/PHPExcel/PHPExcel/Shared/JAMA/docs/download.php is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user’s browser session in the context of an affected website.
The following PoC (Proof of Concept) demonstrates the vulnerability:
http://[host]/__swift/thirdparty/PHPExcel/PHPExcel/Shared/JAMA/docs/download.php/%27%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
Successful exploitation of this vulnerability requires that Apache’s directive “AcceptPathInfo” is set to “on” or “default” (default value is “default”).
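A log check for the condition described above, as an added example that is not part of the original advisory: it scans web server access logs for requests that carry trailing path information after download.php and notes whether the decoded path contains markup characters. It assumes Apache Common/Combined Log Format; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Script path taken from the advisory.
SCRIPT = "/__swift/thirdparty/PHPExcel/PHPExcel/Shared/JAMA/docs/download.php"
# Anything after the script name that begins with "/" is PATH_INFO.
PATH_INFO_RE = re.compile(re.escape(SCRIPT) + r"(/.+)", re.IGNORECASE | re.DOTALL)
# Client, request target and status from a Common/Combined Log Format line.
LINE_RE = re.compile(
    r'^(?P<client>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
# Characters that can break out of an HTML attribute or open a tag.
MARKUP_RE = re.compile(r"[<>\"']")

# Constructed sample log lines (documentation addresses, invented timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2013:10:00:00 +0000] "GET ' + SCRIPT + ' HTTP/1.1" 200 512',
    '192.0.2.44 - - [01/Jan/2013:10:00:05 +0000] "GET ' + SCRIPT
    + '/%27%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E HTTP/1.1" 200 734',
    '192.0.2.45 - - [01/Jan/2013:10:00:09 +0000] "GET ' + SCRIPT + '/readme HTTP/1.1" 404 209',
    '192.0.2.11 - - [01/Jan/2013:10:00:12 +0000] "GET /index.php?/Tickets HTTP/1.1" 200 1024',
]

def path_info(target):
    """Return the URL-decoded PATH_INFO following SCRIPT, or None if absent."""
    decoded = unquote(urlsplit(target).path)  # query string is not PATH_INFO
    match = PATH_INFO_RE.search(decoded)
    return match.group(1) if match else None

def find_hits(lines):
    """Return (client, status, path_info, has_markup) for each matching request."""
    hits = []
    for line in lines:
        match = LINE_RE.match(line)
        if not match:
            continue  # not a parsable access log line
        extra = path_info(match.group("target"))
        if extra is not None:
            hits.append((match.group("client"), int(match.group("status")),
                         extra, bool(MARKUP_RE.search(extra))))
    return hits

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(hit)
```

The status field helps triage: with “AcceptPathInfo” set to “off” for this directory, Apache answers requests with trailing path information with 404, so a 200 on a flagged line means the script received the appended path.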