Netsweeper Internet Filter WebAdmin Portal contains XSS, CSRF and SQLi vulnerabilities.
Netsweeper Internet Filter's WebAdmin Portal contains the following XSS, CSRF and SQLi vulnerabilities.
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CVE-2012-2446:
An attacker with access to the Netsweeper Internet Filter WebAdmin Portal web interface can conduct a cross-site scripting, cross-site request forgery, or SQL injection attack, which could result in information leakage, privilege escalation, and/or denial of service.
Thanks to Jacob Holcomb of Leland Public Schools for reporting this vulnerability.
This document was written by Michael Orlando.