Vulnerability Note VU#763795
Netsweeper Internet Filter WebAdmin Portal multiple vulnerabilities
Netsweeper Internet Filter WebAdmin Portal contains XSS, CSRF and SQLi vulnerabilities.
Netsweeper Internet Filter's WebAdmin Portal contains the following XSS, CSRF and SQLi vulnerabilities.
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CVE-2012-2446:
An attacker with access to the Netsweeper Internet Filter WebAdmin Portal web interface can conduct a cross-site scripting, cross-site request forgery, or sql injection attack, which could be used to result in information leakage, privilege escalation, and/or denial of service.
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|netsweeper||Affected||04 Jun 2012||28 Jun 2012|
CVSS Metrics (Learn More)
Thanks to Jacob Holcomb of Leland Public Schools for reporting this vulnerability.
This document was written by Michael Orlando.
- CVE IDs: CVE-2012-2446 CVE-2012-2447 CVE-2012-3859
- Date Public: 09 Jul 2012
- Date First Published: 09 Jul 2012
- Date Last Updated: 20 Aug 2012
- Document Revision: 24
If you have feedback, comments, or additional information about this vulnerability, please send us email.