SpamTitan contains a reflected cross-site scripting (XSS) vulnerability.
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
SpamTitan contains a reflected cross-site scripting vulnerability in the auth-settings-x.php page of the management interface. An attacker is able to load arbitrary script in the context of the user's browser through the sortdir parameter.
A remote unauthenticated attacker may be able to execute arbitrary script in the context of the end-user's browser session.
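For defenders reviewing web access logs from the management interface, the sketch below flags requests to auth-settings-x.php whose sortdir value is not a plain sort direction. It is an added example, not vendor or CERT code; the combined log format, the asc/desc allow-list and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a sort-direction parameter only ever legitimately holds these values.
ALLOWED_SORTDIR = {"asc", "desc"}
TARGET_PAGE = "auth-settings-x.php"  # page named in the advisory

# Client address and request line of a combined-format access log entry
# (assumed log format; adjust to the format your appliance or proxy writes).
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/[\d.]+"')


def suspicious_sortdir(line):
    """Return (client_ip, decoded_value) if the line is a request to the
    affected page with a sortdir value outside the allow-list, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("uri"))
    if not parts.path.endswith("/" + TARGET_PAGE):
        return None
    # parse_qs percent-decodes values; keep_blank_values so "sortdir=" is seen.
    for value in parse_qs(parts.query, keep_blank_values=True).get("sortdir", []):
        if value.lower() not in ALLOWED_SORTDIR:
            return m.group("ip"), value
    return None


def scan(lines):
    """Return every (client_ip, value) hit found in an iterable of log lines."""
    return [hit for hit in map(suspicious_sortdir, lines) if hit]


# Constructed sample log lines (documentation addresses, not real traffic;
# the flagged value is a generic markup marker, not a tested payload).
SAMPLE_LOG = [
    '192.0.2.10 - - [23/Jun/2014:13:00:01 +0000] "GET /auth-settings-x.php?sortdir=asc HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [23/Jun/2014:13:02:44 +0000] "GET /auth-settings-x.php?sortdir=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5188 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [23/Jun/2014:13:03:09 +0000] "GET /index.php?sortdir=x HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [23/Jun/2014:13:05:30 +0000] "GET /auth-settings-x.php?sortdir=DESC&page=2 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"{ip} sent unexpected sortdir value: {value!r}")
```

A hit only shows that a crafted link was requested; the Referer field of the same log entry can help identify where the link was delivered from.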
Apply an Update
Thanks to William Costa for reporting this vulnerability.
This document was written by Michael Orlando.
Date First Published: 2014-06-23
Date Last Updated: 2014-06-23 13:46 UTC