Lucene search

PRIOn knowledge basePRION:CVE-2007-1723

HistoryMar 28, 2007 - 12:19 a.m.

Cross site scripting

2007-03-2800:19:00

PRIOn knowledge base

www.prio-n.com

6.2 Medium

AI Score

Confidence

High

0.068 Low

EPSS

Percentile

93.9%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the administration console in Secure Computing CipherTrust IronMail 6.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) network, (2) defRouterIp, (3) hostName, (4) domainName, (5) ipAddress, (6) defaultRouter, (7) dns1, or (8) dns2 parameter to (a) admin/system_IronMail.do; the (9) ipAddress parameter to (b) admin/systemOutOfBand.do; the (10) password or (11) confirmPassword parameter to © admin/systemBackup.do; the (12) Klicense parameter to (d) admin/systemLicenseManager.do; the (13) rows[1].attrValueStr or (14) rows[2].attrValueStr parameter to (e) admin/systemWebAdminConfig.do; the (15) rows[0].attrValueStr, rows[1].attrValueStr, (16) rows[2].attrValue, or (17) rows[2].attrValueStrClone parameter to (f) admin/ldap_ConfigureServiceProperties.do; the (18) input1 parameter to (g) admin/mailFirewall_MailRoutingInternal.do; or the (19) rows[2].attrValueStr, (20) rows[3].attrValueStr, (21) rows[5].attrValueStr, or (22) rows[6].attrValueStr parameter to (h) admin/mailIdsConfig.do.

CPENameOperatorVersion
ironmaileq6.1.1

CPE	Name	Operator	Version
	ironmail	eq	6.1.1

References

osvdb.org/34526

osvdb.org/34527

osvdb.org/34528

osvdb.org/34529

osvdb.org/34530

osvdb.org/34531

osvdb.org/34532

osvdb.org/34533

secunia.com/advisories/24657

securityreason.com/securityalert/2484

www.514.es/2007/03/siaadv07004_multiples_vulnerab.html

www.securityfocus.com/archive/1/463827/100/0/threaded

www.securitytracker.com/id?1017821

www.vupen.com/english/advisories/2007/1164

exchange.xforce.ibmcloud.com/vulnerabilities/33232