Test Kennung:	1.3.6.1.4.1.25623.1.0.805297
Kategorie:	FortiOS Local Security Checks
Titel:	Fortinet FortiMail WebGUI XSS Vulnerability (FG-IR-15-005)
Zusammenfassung:	Fortinet FortiMail is prone to a cross-site scripting (XSS); vulnerability.;; This VT has been deprecated and replaced by the VT 'FortiMail Stored XSS Vulnerability (FG-IR-15-005)'; (OID: 1.3.6.1.4.1.25623.1.0.805646).
Beschreibung:	Summary: Fortinet FortiMail is prone to a cross-site scripting (XSS) vulnerability. This VT has been deprecated and replaced by the VT 'FortiMail Stored XSS Vulnerability (FG-IR-15-005)' (OID: 1.3.6.1.4.1.25623.1.0.805646). Vulnerability Insight: The flaw exists because the 'Web Action Quarantine Release' feature does not validate input before returning it to users. Vulnerability Impact: Successful exploitation will allow remote attackers to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server. Affected Software/OS: FortiMail versions 4.3.x before 4.3.9, 5.0.x before 5.0.8, 5.1.x before 5.1.5 and 5.2.x before 5.2.3. Solution: Update to FortiMail version 4.3.9 or 5.0.8 or 5.1.5 or 5.2.3 or later. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2014-8617 http://seclists.org/fulldisclosure/2015/Mar/5 http://www.securitytracker.com/id/1031859
Copyright	Copyright (C) 2015 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.