packetstorm | William Costa | PACKETSTORM:126264
History: Apr 22, 2014 - 12:00 a.m.

Symantec Messaging Gateway 10.5.1 Cross Site Scripting

2014-04-22 00:00:00
William Costa
packetstormsecurity.com

EPSS: 0.43 (percentile: 97.4%)

`I. VULNERABILITY  
  
-------------------------  
  
Reflected XSS vulnerability in Symantec Messaging Gateway Version  
10.5.1  
  
  
  
II. BACKGROUND  
  
-------------------------  
  
Symantec Corporation is an American computer security, backup and  
availability solutions software corporation headquartered in Mountain  
View, California, United States. It is a Fortune 500 company and a  
member of the S&P 500 stock market index  
  
  
  
III. DESCRIPTION  
  
-------------------------  
  
A reflected XSS vulnerability has been detected in Messaging Gateway Version 10.5.1.  
  
The code injection is done through the parameter "displayTab" in the  
page “/brightmail/setting/compliance/DlpConnectFlow$view.flo?displayTab=”  
  
  
  
IV. PROOF OF CONCEPT  
  
-------------------------  
  
The application does not validate the parameter “operand[]” correctly.  
  
  
  
https://10.200.210.143/brightmail/setting/compliance/DlpConnectFlow$view.flo?displayTab=aaaaa')</script><script>alert(“XSS”)</script><script>{('  
  
  
  
V. BUSINESS IMPACT  
  
-------------------------  
  
An attacker can execute arbitrary HTML or script code in the context of a  
targeted user's browser.  
  
  
  
  
  
VI. SYSTEMS AFFECTED  
  
-------------------------  
  
Tested in Symantec Messaging Gateway Version 10.5.1 VMWare  
  
  
  
  
  
VII. SOLUTION  
  
-------------------------  
  
Upgrade to Symantec Messaging Gateway 10.5.2  
  
  
  
VIII. References  
  
-------------------------  
  
  
  
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140422_00  
  
  
  
http://www.securityfocus.com/bid/66966/info  
  
  
  
By William Costa  
  
  
  
`
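
The following is an added example, not part of the original advisory and not Symantec's code. It assumes, from the shape of the proof of concept, that `displayTab` is reflected into a single-quoted JavaScript string inside an inline script element, and contrasts that with context-aware escaping and an allow-list; the function names, template and tab names are hypothetical.

```javascript
// Hypothetical tab names; the real product's values are not on the page.
const ALLOWED_TABS = new Set(['settings', 'status']);

// Vulnerable shape (assumed): the raw parameter is concatenated into a
// single-quoted JavaScript string inside an inline <script> element.
function renderUnsafe(displayTab) {
  return "<script>selectTab('" + displayTab + "');</script>";
}

// Escape for a JS string literal that lives inside an HTML <script> block.
// Every code unit outside [A-Za-z0-9 _.,-] becomes \uXXXX, so quotes,
// backslashes, '<', '>', '&' and line terminators can end neither the
// string nor the enclosing element.
function escapeJsString(value) {
  return String(value).replace(/[^A-Za-z0-9 _.,-]/g, (ch) =>
    '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0'));
}

function renderEscaped(displayTab) {
  return "<script>selectTab('" + escapeJsString(displayTab) + "');</script>";
}

// Preferred control: accept only known tab names and fall back to a default,
// so the request value itself is never written into the page.
function renderAllowListed(displayTab) {
  const tab = ALLOWED_TABS.has(displayTab) ? displayTab : 'settings';
  return "<script>selectTab('" + tab + "');</script>";
}

// Counts <script> elements opened in the output; more than one means the
// reflected value left its string literal and injected markup.
function scriptElementCount(html) {
  return (html.match(/<script\b/gi) || []).length;
}

// Parameter value copied from the advisory's proof of concept.
const POC = "aaaaa')</script><script>alert(“XSS”)</script><script>{('";

console.log('unsafe      :', scriptElementCount(renderUnsafe(POC)));
console.log('escaped     :', scriptElementCount(renderEscaped(POC)));
console.log('allow-listed:', scriptElementCount(renderAllowListed(POC)));
```
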
