source: https://www.securityfocus.com/bid/51597/info

Syneto Unified Threat Management is prone to multiple cross-site scripting and HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content.

Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are possible.

Unified Threat Management 1.4.2 and 1.3.3 Community Edition are vulnerable; other versions may be affected.

Proof of Concept:
=================
The vulnerabilities can be exploited by privileged user accounts, lowviewers or remote attackers with required user interaction. For demonstration or reproduce ...

1.1.1
[+] Reports - Executive Summary - Output Listing Category

Status | Domain | Routing | Verify sender | Send digest | Actions |
---|---|---|---|---|---|

Reference(s):
https://www.example.com.com/syneto.php?menuid=60

1.2
PoC:
https://www.example.com.com/index.php?error=need_login"'>
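
Mitigation sketch for the two sinks shown above, the reflected error parameter and the stored listing cells. This is an added example, not Syneto's code and not part of the original advisory: the helper names (h, error_banner, domain_row), the allowlist and the message text are hypothetical, and the sample inputs are constructed.

```php
<?php
declare(strict_types=1);
// Added example: hypothetical handlers, not the product's own code.

// Assumed allowlist of error codes; only need_login appears in the advisory.
const ERROR_MESSAGES = [
    'need_login' => 'Please log in to continue.',
];

// Encode for HTML text and quoted attribute values. ENT_QUOTES covers both
// " and ', the two characters the PoC suffix uses to leave an attribute.
// Before PHP 8.1 the default flags left single quotes unescaped.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Map the raw ?error= value to a fixed message; unknown values are never echoed.
function error_banner($raw): string
{
    if (!is_string($raw) || !array_key_exists($raw, ERROR_MESSAGES)) {
        return '';
    }
    return '<div class="error" data-code="' . h($raw) . '">'
         . h(ERROR_MESSAGES[$raw]) . '</div>';
}

// Render one row of a stored listing; column names follow the advisory's table.
function domain_row(array $row): string
{
    $cells = '';
    foreach (['domain', 'routing'] as $col) {
        $cells .= '<td>' . h((string)($row[$col] ?? '')) . '</td>';
    }
    return '<tr>' . $cells . '</tr>';
}

// Constructed inputs modelled on the advisory's PoC string.
$poc = 'need_login"\'>';
var_dump(error_banner($poc));          // value not on the allowlist
echo error_banner('need_login'), "\n"; // known code, fixed message
echo domain_row(['domain' => '"><b>x</b>', 'routing' => 'local']), "\n";
```

The allowlist handles the reflected case without echoing any request data; the encoding in domain_row is what protects the stored case, since those values are rendered for every user who opens the listing.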