CVE-2014-2844

F-secure Secure Messaging Secure Gateway - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in F-Secure Messaging Secure Gateway 7.5.0 before Patch 1862 allows remote authenticated administrators to inject arbitrary web script or HTML via the new parameter in the SysUser module to admin.

References (3)

[Exploit] http://seclists.org/fulldisclosure/2014/Apr/223

[Vendor Advisory] http://secunia.com/advisories/58038

[Vendor Advisory] http://www.f-secure.com/en/web/labs_global/fsc-2014-2

Scores

EPSS 0.0021

EPSS Percentile 43.1%

Details

CWE

CWE-79

Status published

Products (2)

f-secure/secure_messaging_secure_gateway

n/a/n/a

Published Apr 18, 2014

Tracked Since Feb 18, 2026