Multiple XSS Vulnerabilities in IBM Proventia Network Mail Security System
CVE-2010-0152

Currently unrated

Key Information:

Vendor: IBM
Status: Proventia Network Mail Security System Virtual Appliance; Proventia Network Mail Security System Virtual Appliance Firmware
Vendor: CVE Published:; 14 September 2010

Summary

The IBM Proventia Network Mail Security System contains multiple cross-site scripting (XSS) vulnerabilities in its Local Management Interface (LMI). These vulnerabilities, found in various parameters such as date1, userfilter, ping, and action across several scripts, enable remote attackers to inject arbitrary web scripts or HTML. This issue can be exploited through specific actions in the web application's functionality, potentially compromising user data and security. Additionally, authenticated users may inadvertently expose themselves to risks by saving search filters that allow script injection. Immediate attention and patching are recommended for systems running firmware versions prior to 2.5.0.2.

References

http://www.ventuneac.net/security-advisories/MVSA-10-007

x_refsource_MISC

http://www.securityfocus.com/archive/1/513629/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Sep 14, 2010
Vulnerability Reserved
Jan 4, 2010