CVE-2012-4872

Опубликовано: 06 сент. 2012

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in Tickets/Submit in Kayako Fusion before 4.40.985 allows remote attackers to inject arbitrary web script or HTML via certain vectors, possibly a crafted ticket description.

Ссылки

http://secunia.com/advisories/48462
Vendor Advisory
http://st2tea.blogspot.com/2012/03/kayako-fusion-cross-site-scripting.html
http://wiki.kayako.com/display/DOCS/4.40.985
http://wiki.kayako.com/display/DOCS/4.40.986
http://www.securityfocus.com/bid/52625
https://exchange.xforce.ibmcloud.com/vulnerabilities/74143
http://secunia.com/advisories/48462
Vendor Advisory
http://st2tea.blogspot.com/2012/03/kayako-fusion-cross-site-scripting.html
http://wiki.kayako.com/display/DOCS/4.40.985
http://wiki.kayako.com/display/DOCS/4.40.986
http://www.securityfocus.com/bid/52625
https://exchange.xforce.ibmcloud.com/vulnerabilities/74143

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:kayako:kayako_fusion:*:*:*:*:*:*:*:*

Версия до 4.40.959 (включая)

EPSS

Процентиль: 64%

0.00475

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-xvjx-r8gr-f7cg

github

больше 3 лет назад