CVE-2014-2844

Name of the Vulnerable Software and Affected Versions F-Secure Messaging Secure Gateway version 7.5.0 before Patch 1862

Description A cross-site scripting (XSS) issue allows remote authenticated administrators to inject arbitrary web script or HTML via the new parameter in the SysUser module to admin. This can be achieved by accessing specific API endpoints, although the exact endpoint is not specified.

Recommendations For F-Secure Messaging Secure Gateway version 7.5.0, apply Patch 1862 to resolve the issue. As a temporary workaround, consider restricting access to the SysUser module to minimize the risk of exploitation. Avoid using the new parameter in the affected module until the issue is resolved.