Topic: SpamTitan contains a reflected cross-site scripting (XSS) vulnerabilit
Vulnerability Note VU#849500
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
SpamTitan contains a reflected cross-site scripting vulnerability in the auth-settings-x.php page of the management interface. An attacker is able to load arbitrary script in the context of the user's browser through the sortdir parameter.
For more information on Impact, see link below.
Last edited by Master Mage (2014-06-24 09:12:11)