CVE-2014-2844 Information

Description

Cross-site scripting (XSS) vulnerability in F-Secure Messaging Secure Gateway 7.5.0 before Patch 1862 allows remote authenticated administrators to inject arbitrary web script or HTML via the new parameter in the SysUser module to admin.

Reference

http://seclists.org/fulldisclosure/2014/Apr/223 http://secunia.com/advisories/58038 http://www.f-secure.com/en/web/labs_global/fsc-2014-2