CVE-2007-1723 Information
Description
Multiple cross-site scripting (XSS) vulnerabilities in the administration console in Secure Computing CipherTrust IronMail 6.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) network, (2) defRouterIp, (3) hostName, (4) domainName, (5) ipAddress, (6) defaultRouter, (7) dns1, or (8) dns2 parameter to (a) admin/system_IronMail.do; the (9) ipAddress parameter to (b) admin/systemOutOfBand.do; the (10) password or (11) confirmPassword parameter to (c) admin/systemBackup.do; the (12) Klicense parameter to (d) admin/systemLicenseManager.do; the (13) rows[1].attrValueStr or (14) rows[2].attrValueStr parameter to (e) admin/systemWebAdminConfig.do; the (15) rows[0].attrValueStr, rows[1].attrValueStr, (16) rows[2].attrValue, or (17) rows[2].attrValueStrClone parameter to (f) admin/ldap_ConfigureServiceProperties.do; the (18) input1 parameter to (g) admin/mailFirewall_MailRoutingInternal.do; or the (19) rows[2].attrValueStr, (20) rows[3].attrValueStr, (21) rows[5].attrValueStr, or (22) rows[6].attrValueStr parameter to (h) admin/mailIdsConfig.do.
Reference
http://osvdb.org/34526
http://osvdb.org/34527
http://osvdb.org/34528
http://osvdb.org/34529
http://osvdb.org/34530
http://osvdb.org/34531
http://osvdb.org/34532
http://osvdb.org/34533
http://secunia.com/advisories/24657
http://securityreason.com/securityalert/2484
http://www.514.es/2007/03/siaadv07004_multiples_vulnerab.html
http://www.securityfocus.com/archive/1/463827/100/0/threaded
http://www.securitytracker.com/id?1017821
http://www.vupen.com/english/advisories/2007/1164
https://exchange.xforce.ibmcloud.com/vulnerabilities/33232