ID de Prueba:	1.3.6.1.4.1.25623.1.0.100314
Categoría:	Web application abuses
Título:	AfterLogic WebMail Pro Multiple Cross Site Scripting Vulnerabilities
Resumen:	AfterLogic WebMail Pro is prone to multiple cross-site scripting; vulnerabilities because the application fails to sufficiently sanitize user-supplied data.
Descripción:	Summary: AfterLogic WebMail Pro is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied data. Vulnerability Impact: Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials. Other attacks are also possible. Affected Software/OS: AfterLogic WebMail Pro 4.7.10 and prior versions are affected. Solution: Reports indicate that the vendor addressed these issues in WebMail Pro 4.7.11, but Symantec has not confirmed this. Please contact the vendor for more information. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-4743 BugTraq ID: 36605 http://www.securityfocus.com/bid/36605 http://www.gardienvirtuel.com/fichiers/documents/publications/GVI_2009-01_EN.txt http://osvdb.org/58712 http://secunia.com/advisories/36964 XForce ISS Database: webmail-historystorage-xss(53672) https://exchange.xforce.ibmcloud.com/vulnerabilities/53672
Copyright	Copyright (C) 2009 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.