McAfee Email Gateway (formerly IronMail) – Cross-Site Scripting

  • Author: Nahuel Grisolia
    Date: 2010-04-06
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/12092/
  • Advisory Name: Multiple Reflected Cross-Site Scripting (XSS) in McAfee Email Gateway (formerly
    IronMail)
    Vulnerability Class: Reflected Cross-Site Scripting (XSS)
    Release Date: Tue Apr 6, 2010
    Affected Applications: Secure Mail (Ironmail) ver.6.7.1
    Affected Platforms: FreeBSD 6.2 / Apache-Coyote 1.1
    Local / Remote: Remote
    Severity: Medium – CVSS: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
    Researcher: Nahuel Grisolía
    
    Vendor Status: Official Patch Released. Install McAfee Email Gateway 6.7.2 Hotfix 2.
    Reference to Vulnerability Disclosure Policy: http://www.cybsec.com/vulnerability_policy.pdf
    
    Vulnerability Description:
    Multiple Reflected Cross-Site Scripting vulnerabilities were found in Ironmail's Web Access console
    because the application fails to sanitize user-supplied input. The vulnerabilities can be triggered by any
    logged-in user.
    
    Download:
    https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/12092.pdf (cybsec_advisory_2010_0402.pdf)