Description
Several vulnerabilities have been identified in FTGate.

- cross-site scripting in the "filter" and "onMouseMove" parameters of the "mailboxes/index.fts" page
- cross-site scripting in the "type" and "mesid" parameters of the "utility/editmessage.fts" page

A remote attacker can exploit them to execute arbitrary JavaScript or HTML code by inciting their victim into following a specially formed link.

- cross-site request forgery that allows adding arbitrary domains
- cross-site request forgery that allows sending arbitrary logs to a remote server
- cross-site request forgery that allows removing email attachment blocking

A remote attacker could perform these operations with the privileges of their victim by inciting them into opening a malicious link.

Proofs of concept are available.
Vulnerable Products
Vulnerable Software: FTGatePro (Floosietek) - 6.4.0
Solution
No solution for the moment.
CVE
References
- hyp3rlinx : AS-FTGATE-2009-CSRF
http://hyp3rlinx.altervista.org/advisories/AS-FTGATE-2009-CSRF.txt
- hyp3rlinx : AS-FTGATE-2009-XSS
http://hyp3rlinx.altervista.org/advisories/AS-FTGATE-2009-XSS.txt
Vulnerability Manager Detection
No
IPS Protection