Release date:
Updated on:
Affected Systems:
SonicWALL AntiSpam & EMail 7.x
Description:
--------------------------------------------------------------------------------
SonicWall AntiSpam & EMail is an EMail solution.
SonicWALL Anti-Spam & Email Security 7.3.5 and earlier versions have multiple vulnerabilities. If some parameters are passed to some scripts, the input is incorrectly filtered and returned to the user, attackers can execute arbitrary HTML and script code in user browser sessions of affected sites. Affected scripts and parameters: http: // [host]/alert_history.html? From & row, http: // [host]/yy_approval_box.html? Pathname
<* Source: Benjamin Kunz Mejri
Link: http://www.vulnerability-lab.com/get_content.php? Id = 543
Http://secunia.com/advisories/50686/
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
SonicWALL
---------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.sonicwall.com