PT-2007-5065 · Iss · Iss Proventia Network Ips

Published

2007-07-17

Updated

2012-10-31

CVE-2007-3830

CVSS v2.0

3.5

Low

Vector

AV:N/AC:M/Au:S/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: ISS Proventia Network IPS versions 1.3 through 1.3 (for GX5108) ISS Proventia Network IPS versions 1.5 through 1.5 (for GX5008)

Description: A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML via the reminder parameter in the alert.php file.

Recommendations: For ISS Proventia Network IPS version 1.3, update to a version that fixes this issue. For ISS Proventia Network IPS version 1.5, update to a version that fixes this issue. As a temporary workaround, consider restricting access to the alert.php file until a patch is available. Avoid using the reminder parameter in the affected endpoint until the issue is resolved.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-3830

Affected Products

Iss Proventia Network Ips

PT-2007-5065 · Iss · Iss Proventia Network Ips

CVE-2007-3830

Related Identifiers

Affected Products

References · 5