Cross-Site Scripting Vulnerability in Kaspersky Anti-Virus for Linux File Server
CVE-2017-9813

6.1 MEDIUM

Key Information:

Vendor: Kaspersky
CVE Published: 17 July 2017

Summary

In Kaspersky Anti-Virus for Linux File Server prior to Maintenance Pack 2 Critical Fix 4 (version 8.0.4.312), the 'scriptName' parameter of the 'licenseKeyInfo' action method is susceptible to cross-site scripting attacks. This vulnerability may allow unauthorized users to inject arbitrary JavaScript code into web pages viewed by legitimate users, potentially compromising sensitive data and leading to unauthorized actions within the application. Proper input validation and sanitization measures should be implemented to mitigate this risk.

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
