VULNERABILITIES / FIXES - November 11, 2013
by Carol~ - 11/11/13 9:00 AM
IBM Security Network Protection XGS 5100 Local Management Interface Cross-Site Scripting Vulnerability
Release Date : 2013-11-11
Criticality level : Less critical
Impact : Cross Site Scripting
Where : From remote
Solution Status: Vendor Patch
Operating System: IBM Security Network Protection
A vulnerability has been reported in IBM Security Network Protection, which can be exploited by malicious people to conduct cross-site scripting attacks.
Certain input related to the Local Management Interface is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
The vulnerability is reported in XGS 5100 running firmware versions 5.1 and 5.1.1.
Update to firmware versions 18.104.22.168 or 22.214.171.124.
Provided and/or discovered by:
Reported by the vendor.