CVE-2007-2592 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in Nokia Intellisync Mobile Suite 6.4.31.2 6.6.0.107 and 6.6.2.2 possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter to de/pda/dev_logon.asp and (2) multiple unspecified vectors in (a) usrmgr/registerAccount.asp (b) de/create_account.asp and other files.

Reference

http://osvdb.org/34515 http://osvdb.org/34516 http://osvdb.org/34517 http://secunia.com/advisories/25212 http://secunia.com/advisories/26199 http://securityreason.com/securityalert/2689 http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5005120.html http://www.sec-consult.com/289.html http://www.securityfocus.com/archive/1/468048/100/0/threaded http://www.securityfocus.com/bid/23889 http://www.securitytracker.com/id?1018454 http://www.vupen.com/english/advisories/2007/1727 http://www.vupen.com/english/advisories/2007/2657 https://exchange.xforce.ibmcloud.com/vulnerabilities/34187