ID de Prueba:	1.3.6.1.4.1.25623.1.0.804637
Categoría:	Web application abuses
Título:	Transform Foundation Server Multiple Cross Site Scripting Vulnerabilities
Resumen:	Transform Foundation Server is prone to multiple cross site scripting vulnerabilities.
Descripción:	Summary: Transform Foundation Server is prone to multiple cross site scripting vulnerabilities. Vulnerability Insight: Multiple flaws exist due to an: - Improper validation of input passed via 'db' and 'referer' POST parameters passed to /index.fsp/index.fsp script. - Improper validation of the input passed via 'pn' GET parameter passed to /index.fsp script. - Improper validation of input passed via the URL before returning it to users. Vulnerability Impact: Successful exploitation will allow remote attackers to execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. Affected Software/OS: Transform Foundation Server version 4.3.1 and 5.2 Solution: Apply the update from the referenced advisory. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-2577 BugTraq ID: 67810 http://www.securityfocus.com/bid/67810 Bugtraq: 20140603 [CVE-2014-2577] XSS on Transform Foundation Server 4.3.1 and 5.2 from Bottomline Technologies (Google Search) http://www.securityfocus.com/archive/1/532286/100/0/threaded http://seclists.org/fulldisclosure/2014/Jun/15 http://packetstormsecurity.com/files/126907/Transform-Foundation-Server-4.3.1-5.2-Cross-Site-Scripting.html
Copyright	Copyright (C) 2014 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.