CVE-2012-2604

Name of the Vulnerable Software and Affected Versions Bradford Network Sentry versions prior to 5.3.3

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the GuestAccess.jsp file within the Guest/Contractor access component of the administrative interface. These vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML via unspecified fields.

Recommendations For versions prior to 5.3.3, update to version 5.3.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the GuestAccess.jsp file until a patch is applied. Avoid using unspecified fields in the Guest/Contractor access component of the administrative interface until the issue is resolved.