Fusion

CVEs (2)

CVE	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2012-3233		0.03	—	0.01		Sep 15, 2012	Cross-site scripting (XSS) vulnerability in __swift/thirdparty/PHPExcel/PHPExcel/Shared/JAMA/docs/download.php in Kayako Fusion 4.40.1148, and possibly before 4.50.1581, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
CVE-2012-4872		0.00	—	0.00		Sep 6, 2012	Cross-site scripting (XSS) vulnerability in Tickets/Submit in Kayako Fusion before 4.40.985 allows remote attackers to inject arbitrary web script or HTML via certain vectors, possibly a crafted ticket description.

CVE-2012-3233Sep 15, 2012
risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in __swift/thirdparty/PHPExcel/PHPExcel/Shared/JAMA/docs/download.php in Kayako Fusion 4.40.1148, and possibly before 4.50.1581, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
CVE-2012-4872Sep 6, 2012
risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in Tickets/Submit in Kayako Fusion before 4.40.985 allows remote attackers to inject arbitrary web script or HTML via certain vectors, possibly a crafted ticket description.