McAfee Email Gateway Digest Token Reflected XSS (SB10099)
Low Nessus Plugin ID 82529
SynopsisThe remote host is affected by a reflected cross-site scripting vulnerability.
DescriptionThe remote host has a version of McAfee Email Gateway (MEG) installed that is affected by a reflected cross-site scripting vulnerability due to improper validation of user-supplied input to unspecified tokens in digest messages. A remote attacker can exploit this, via a specially crafted request, to execute arbitrary web script or HTML in a user's browser session.
SolutionApply the relevant hotfix referenced in the vendor advisory.