SonicWall AntiSpam & EMail Multiple Security vulnerabilities

Bugtraq ID:	51337
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Jan 10 2012 12:00AM
Updated:	Jan 10 2012 12:00AM
Credit:	Benjamin Kunz Mejri
Vulnerable:	SonicWALL AntiSpam & EMail 7.3.1
Not Vulnerable:

SonicWall AntiSpam & EMail Multiple Security vulnerabilities

SonicWall AntiSpam & EMail is prone to a cross-site scripting vulnerability, a URI-redirection vulnerability, and an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input.

Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, or conduct phishing attacks. Other attacks are also possible.

AntiSpam & EMail 7.3.1 is vulnerable; other versions may also be affected.