Summary
Scalix Web Access is prone to an XML External Entity injection and to a Cross Site Scripting vulnerability.
Impact
Attackers can exploit the XML External Entity Injection to obtain potentially sensitive information. This may lead to further attacks. An attacker may leverage the Cross Site Scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Solution
Ask the Vendor for an update.
Affected
Scalix Web Access versions 11.4.6.12377 and 12.2.0.14697 are vulnerable.
Detection
Check the version
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2014-9352, CVE-2014-9360
- CVSS Base Score: 6.4
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N