Cross-Site Scripting Vulnerabilities in IBM Lotus Protector for Mail Security
CVE-2012-2955

Currently unrated

Key Information:

Vendor: IBM
Status: Proventia Network Mail Security System Firmware; Proventia Network Mail Security System
Vendor: CVE Published:; 20 July 2012

Summary

Multiple cross-site scripting vulnerabilities exist in the administrative user interface of IBM Lotus Protector for Mail Security across various versions. These vulnerabilities allow remote attackers to craft requests that inject arbitrary web scripts or HTML via the query string, potentially leading to unauthorized actions and data exposure. Proper handling of inputs and enhanced security measures are vital to mitigating these risks.

References

http://osvdb.org/84014

vdb-entryx_refsource_OSVDB

http://www-01.ibm.com/support/docview.wss?uid=swg21605626

x_refsource_CONFIRM

http://www.kb.cert.org/vuls/id/659791

third-party-advisoryx_refsource_CERT-VN

Timeline

Vulnerability published
Jul 20, 2012
Vulnerability Reserved
May 30, 2012