Lucene search
RootSSV:61704HistoryMar 10, 2014 - 12:00 a.m.
Aker Secure Mail Gateway "msg_id"跨站脚本漏洞
2014-03-1000:00:00
Root
www.seebug.org
99
0.002 Low
EPSS
Percentile
53.2%
CVE ID:CVE-2013-6037
Aker Secure Mail Gateway是一款邮件网关解决方案。
由于通过"msg_id" GET参数传递到webgui/cf/index.php的输入在返回用户前未能正确过滤,攻击者可以利用漏洞在受影响站点上下文的用户浏览器会话中执行任意HTML和脚本代码。
0
Aker Secure Mail Gateway <=2.5.2
厂商补丁:
Aker
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
http://www.aker.com.br/atualizacoes-asmg?field_tipo_value=All
Related
cert
cert
Aker Secure Mail Gateway reflected XSS vulnerability
2014-03-06 00:00:00
openvas
openvas
Aker Secure Mail Gateway Cross-Site Scripting Vulnerability
2014-03-17 00:00:00
cvelist
cvelist
CVE-2013-6037
2014-03-11 01:00:00
packetstorm
packetstorm
AKER Secure Mail Gateway 2.5.2 Cross Site Scripting
2014-03-07 00:00:00
prion
prion
Cross site scripting
2014-03-11 13:01:00
cve
cve
CVE-2013-6037
2014-03-11 13:01:03
nvd
nvd
CVE-2013-6037
2014-03-11 13:01:03