• Multiple persistent input validation vulnerabilities are detected in the Kayako Fusion v4.51.1891 Web Application. The vulnerability typus allows an attacker to inject own malicious script code in the vulnerable module on application side (persistent). The vulnerabilities can be exploited with a privileged application user account and low or medium required user interaction.

• Upgrade to the latest version of Kayako Fusion.

• • Kayako Fusion v4.51.1891 - Multiple Web Vulnerabilities

• 

• CWE-79

• CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

• Known Vulnerabilities

• WordPress Plugin Google Doc Embedder Multiple Vulnerabilities (2.6.1)
• WordPress Plugin WordPress Catalog 's_p_c_t' Parameter Multiple Cross-Site Scripting Vulnerabilities (1.1)
• WordPress Plugin Bookings Cross-Site Scripting (1.8.2)
• WordPress Plugin WP Super Cache Cross-Site Scripting (1.3)
• WordPress Plugin Thank You Counter Button Cross-Site Scripting (1.8.2)