Cross-site scripting (XSS) vulnerability in F-Secure Messaging Secure Gateway 7.5.0 before Patch 1862 allows remote authenticated administrators to inject arbitrary web script or HTML via the new parameter in the SysUser module to admin.
References
Link | Resource |
---|---|
http://seclists.org/fulldisclosure/2014/Apr/223 | Exploit |
http://secunia.com/advisories/58038 | Vendor Advisory |
http://www.f-secure.com/en/web/labs_global/fsc-2014-2 | Vendor Advisory |
Configurations
History
No history.
Information
Published : 2014-04-18 14:55
Updated : 2024-02-28 12:20
NVD link : CVE-2014-2844
Mitre link : CVE-2014-2844
CVE.ORG link : CVE-2014-2844
JSON object : View
Products Affected
f-secure
- secure_messaging_secure_gateway
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')