Commtouch Anti-Spam Enterprise Gateway 'PARAMS' Parameter Cross-Site Scripting Vulnerability
BID:29957
Info
Commtouch Anti-Spam Enterprise Gateway 'PARAMS' Parameter Cross-Site Scripting Vulnerability
| Bugtraq ID: | 29957 |
| Class: | Input Validation Error |
| CVE: |
CVE-2008-3082 |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 26 2008 12:00AM |
| Updated: | May 07 2015 05:28PM |
| Credit: | Erez Metula |
| Vulnerable: |
Commtouch Anti-Spam Enterprise Gateway 5 Commtouch Anti-Spam Enterprise Gateway 4 |
| Not Vulnerable: | |
Discussion
Commtouch Anti-Spam Enterprise Gateway 'PARAMS' Parameter Cross-Site Scripting Vulnerability
Commtouch Anti-Spam Enterprise Gateway is prone to a cross-site scripting vulnerability because the device fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Commtouch Anti-Spam Enterprise Gateway 4 and 5 are vulnerable; other versions may also be affected.
Commtouch Anti-Spam Enterprise Gateway is prone to a cross-site scripting vulnerability because the device fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Commtouch Anti-Spam Enterprise Gateway 4 and 5 are vulnerable; other versions may also be affected.
Exploit / POC
Commtouch Anti-Spam Enterprise Gateway 'PARAMS' Parameter Cross-Site Scripting Vulnerability
An attacker can exploit this issue by enticing an unsuspecting user to follow a malicious URI.
The following example URIs are available:
An attacker can exploit this issue by enticing an unsuspecting user to follow a malicious URI.
The following example URIs are available:
Solution / Fix
Commtouch Anti-Spam Enterprise Gateway 'PARAMS' Parameter Cross-Site Scripting Vulnerability
Solution:
The vendor has released an update. Contact the vendor for details on obtaining and applying the appropriate updates.
Solution:
The vendor has released an update. Contact the vendor for details on obtaining and applying the appropriate updates.
References
Commtouch Anti-Spam Enterprise Gateway 'PARAMS' Parameter Cross-Site Scripting Vulnerability
References:
References:
- Vendor Homepage (Commtouch)