Aker Secure Mail Gateway Cross-Site Scripting Vulnerability Network Vulnerability

Summary

This host is running Aker Secure Mail Gateway and is prone to cross-site scripting vulnerability.

Impact

Successful exploitation will allow attackers to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Impact Level: Application

Solution

Apply the patch from below link, http://www.aker.com.br/produtos/aker-secure-mail-gateway

Insight

Input passed via the 'msg_id' GET parameter to webgui/cf/index.php is not properly sanitised before being returned to the user.

Affected

Aker Secure Mail Gateway version 2.5.2 and prior

Detection

Send a crafted data via HTTP GET request and check whether it is able to read cookie or not.

References

http://packetstormsecurity.com/files/125599
http://seclists.org/fulldisclosure/2014/Mar/51
http://secunia.com/advisories/57236
http://www.kb.cert.org/vuls/id/687278
http://www.osvdb.org/104095

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-6037
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

11in1 Cross Site Request Forgery and Local File Include Vulnerabilities
Apache Continuum Cross Site Scripting Vulnerability
Apache Tomcat TroubleShooter Servlet Installed
AMSI 'file' Parameter Directory Traversal Vulnerability
1024 CMS 1.1.0 Beta 'force_download.php' Local File Include Vulnerability

Take action and discover your vulnerabilities