Description

Multiple persistent input validation vulnerabilities are detected in the Kayako Fusion v4.51.1891 Web Application. The vulnerability typus allows an attacker to inject own malicious script code in the vulnerable module on application side (persistent). The vulnerabilities can be exploited with a privileged application user account and low or medium required user interaction.

Remediation

Upgrade to the latest version of Kayako Fusion.

References

Kayako Fusion v4.51.1891 - Multiple Web Vulnerabilities

Related Vulnerabilities

Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-3094)

Vanilla Forums Improper Input Validation Vulnerability (CVE-2011-0908)

Bootstrap Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-20676)

Ruby on Rails Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-6417)

MySQL CVE-2019-2566 Vulnerability (CVE-2019-2566)

Severity

High

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Known Vulnerabilities XSS