Multiple vulnerabilities in Kayako Fusion version 4.51 could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks on a targeted system.
The vulnerabilities are due to insufficient sanitization of user-supplied input by the affected software. An attacker could exploit these vulnerabilities by convincing a targeted user to open a crafted web page. An exploit could allow the attacker to execute arbitrary code in the user's browser session or access user authentication cookies.
Administrators are advised to implement an intrusion prevention system (IPS) or intrusion detection system (IDS) to help detect and prevent attacks that attempt to exploit these vulnerabilities.
For additional information about XSS attacks and the methods used to exploit these vulnerabilities, see the Cisco Applied Mitigation Bulletin Understanding Cross-Site Scripting (XSS) Threat Vectors.
The vendor has not confirmed these vulnerabilities, and updated software is not available.