Test Kennung:	1.3.6.1.4.1.25623.1.0.804440
Kategorie:	Web application abuses
Titel:	Symantec Messaging Gateway 'displayTab' Cross-Site Scripting Vulnerability
Zusammenfassung:	This host is running Symantec Messaging Gateway and is prone to cross-site;scripting vulnerability.
Beschreibung:	Summary: This host is running Symantec Messaging Gateway and is prone to cross-site scripting vulnerability. Vulnerability Insight: The flaw is due to input passed via the 'displayTab' GET parameter to /brightmail/setting/compliance/DlpConnectFlow$view.flo is not properly sanitised before being returned to the user. Vulnerability Impact: Successful exploitation will allow attackers to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Affected Software/OS: Symantec Messaging Gateway 10.x before 10.5.2 Solution: Upgrade to Symantec Messaging Gateway 10.5.2 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Querverweis:	BugTraq ID: 66966 Common Vulnerability Exposure (CVE) ID: CVE-2014-1648 http://www.securityfocus.com/bid/66966 http://seclists.org/fulldisclosure/2014/Apr/256 http://www.securitytracker.com/id/1030136
Copyright	Copyright (C) 2014 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.