Topic: SpamTitan contains a reflected cross-site scripting (XSS) vulnerability

Vulnerability Note VU#849500

Description


CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

SpamTitan contains a reflected cross-site scripting vulnerability in the auth-settings-x.php page of the management interface. An attacker is able to load arbitrary script in the context of the user's browser through the sortdir parameter.

For more information on Impact, see link below.

http://www.kb.cert.org/vuls/id/849500

Master Mage

Last edited by Master Mage (2014-06-24 09:12:11)
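For administrators who want to check whether the parameter named in the note has been probed, here is an added example (not part of the original post or of SpamTitan) that scans web access log lines for requests to auth-settings-x.php whose sortdir value is not a plain sort direction. The allow-list of `asc`/`desc`, the URL path layout, and the sample log lines are assumptions constructed for illustration; only query-string values appear in access logs, so POST bodies are not covered.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a sort-direction parameter legitimately carries only these values.
ALLOWED_SORTDIR = {"asc", "desc"}
TARGET_PAGE = "auth-settings-x.php"  # page named in VU#849500

# Request field of a common/combined-format access log line.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+"')


def suspicious_sortdir(line):
    """Return decoded sortdir values outside the allow-list for TARGET_PAGE requests."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    parts = urlsplit(m.group("uri"))
    if not parts.path.endswith("/" + TARGET_PAGE):
        return []
    # parse_qs percent-decodes values and keeps repeated parameters.
    values = parse_qs(parts.query, keep_blank_values=True).get("sortdir", [])
    return [v for v in values if v.lower() not in ALLOWED_SORTDIR]


def scan(lines):
    """Return (line_number, bad_values) for every line with a non-allow-listed sortdir."""
    hits = []
    for number, line in enumerate(lines, 1):
        bad = suspicious_sortdir(line)
        if bad:
            hits.append((number, bad))
    return hits


# Constructed sample log lines (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [24/Jun/2014:09:00:01 +0000] "GET /auth-settings-x.php?sortby=name&sortdir=asc HTTP/1.1" 200 5120',
    '192.0.2.10 - - [24/Jun/2014:09:00:05 +0000] "GET /auth-settings-x.php?sortdir=DESC HTTP/1.1" 200 5120',
    '198.51.100.7 - - [24/Jun/2014:09:01:12 +0000] "GET /auth-settings-x.php?sortdir=asc%22%3E%3Cscript%3E HTTP/1.1" 200 5188',
    '198.51.100.7 - - [24/Jun/2014:09:01:15 +0000] "GET /index.php?sortdir=%3Cb%3E HTTP/1.1" 200 900',
    '203.0.113.4 - - [24/Jun/2014:09:02:00 +0000] "GET /auth-settings-x.php?sortdir=asc&sortdir=%27x HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for number, bad in scan(SAMPLE_LOG):
        print(f"line {number}: unexpected sortdir value(s): {bad!r}")
```
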