Detections
Analytics
McAfee Email Gateway Digest Token Reflected XSS (SB10099)
low Nessus Plugin ID 82529
Language:
Synopsis
The remote host is affected by a reflected cross-site scripting vulnerability.Description
The remote host has a version of McAfee Email Gateway (MEG) installed that is affected by a reflected cross-site scripting vulnerability due to improper validation of user-supplied input to unspecified tokens in digest messages. A remote attacker can exploit this, via a specially crafted request, to execute arbitrary web script or HTML in a user's browser session.Solution
Apply the relevant hotfix referenced in the vendor advisory.See Also
https://kc.mcafee.com/corporate/index?page=content&id=SB10099
Plugin Details
Severity: Low
ID: 82529
File Name: mcafee_email_gateway_SB10099.nasl
Version: 1.7
Type: local
Family: Misc.
Published: 4/2/2015
Updated: 7/14/2018
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.0
CVSS v2
Risk Factor: Low
Base Score: 3.5
Temporal Score: 2.6
Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N
Vulnerability Information
CPE: cpe:/a:mcafee:email_gateway
Required KB Items: Host/McAfeeSMG/name, Host/McAfeeSMG/version, Host/McAfeeSMG/patches
Exploit Ease: No known exploits are available
Patch Publication Date: 1/20/2015
Vulnerability Publication Date: 1/20/2015
Reference Information
CVE: CVE-2015-1619
BID: 73420
MCAFEE-SB: SB10099