Description
Input passed to the "User-Agent" header parameter it isn't properly sanitised before being returned to the user on 404 or 500 error. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Confirmed in version MX 7. Other versions may also be affected.
Remediation
Contact the vendor for further information.
References
Related Vulnerabilities
Jenkins Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-1806)
PHP Improper Input Validation Vulnerability (CVE-2004-1019)
Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-2889)
ClipBucket Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3717)