CVE-2017-9813

Name of the Vulnerable Software and Affected Versions Kaspersky Anti-Virus for Linux File Server versions prior to 8.0.4.312

Description The issue concerns a cross-site scripting (XSS) vulnerability related to the scriptName parameter of the licenseKeyInfo action method. This vulnerability can be exploited by a remote attacker to gain access to files on the targeted system. The vulnerability exists due to inadequate protection of the web page structure.

Recommendations For versions prior to 8.0.4.312, update to version 8.0.4.312 or later to resolve the issue. As a temporary workaround, consider restricting access to the licenseKeyInfo action method to minimize the risk of exploitation. Avoid using the scriptName parameter in the affected action method until the issue is resolved.