Summary
The host is running NetSaro Enterprise Messenger Server and is prone to multiple cross-site scripting and cross-site request forgery vulnerabilities.
Impact
Successful exploitation could allow remote attackers to execute arbitrary script code within the users browser session in the security context of the target site and the attacker could gain access to users cookies (including authentication cookies).
Impact Level: Application
Solution
No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore.
General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.
Insight
Multiple flaws are exists as the user supplied input received via various parameters is not properly sanitized. This can be exploited by submitting specially crafted input to the affected software.
Affected
NetSaro Enterprise Messenger Server version 2.0 and prior.
References
Updated on 2017-03-28
Severity
Classification
-
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Adobe Reader 'file://' URL Information Disclosure Vulnerability Feb07 (Windows)
- Apple Safari Webkit Multiple Vulnerabilities - May13 (Mac OS X)
- Asterisk Missing ACL Check Remote Security Bypass Vulnerability
- Adobe Reader Old Plugin Signature Bypass Vulnerability (Windows)
- Apache Tomcat Multiple Vulnerabilities - 03 Mar14