CVE-2014-2844

Sažetak

Cross-site scripting (XSS) vulnerability in F-Secure Messaging Secure Gateway 7.5.0 before Patch 1862 allows remote authenticated administrators to inject arbitrary web script or HTML via the new parameter in the SysUser module to admin.

Reference

http://seclists.org/fulldisclosure/2014/Apr/223
http://secunia.com/advisories/58038
http://www.f-secure.com/en/web/labs_global/fsc-2014-2

CVSS

Base:	3.5
Impact:	2.9
Exploitability:	6.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:S/C:N/I:P/A:N

Zadnje važnije ažuriranje

21-04-2014 - 15:08

Objavljeno

18-04-2014 - 14:55