CVE-2012-2590

Name of the Vulnerable Software and Affected Versions ESCON SupportPortal Professional Edition version 3.0

Description The issue allows remote attackers to inject arbitrary web script or HTML via an e-mail message body using various methods, including a SCRIPT element, a crafted SRC attribute of an IFRAME element, a crafted CONTENT attribute of an HTTP-EQUIV="Set-Cookie" META element, or an innerHTML attribute within an XML document.

Recommendations For ESCON SupportPortal Professional Edition version 3.0, consider disabling the handling of e-mail message bodies that contain SCRIPT elements, IFRAME elements with crafted SRC attributes, META elements with crafted CONTENT attributes, or XML documents with innerHTML attributes until a patch is available. Restrict access to the e-mail functionality to minimize the risk of exploitation.