F-Secure SAFE For Windows Cross Site Scripting Vulnerability

F-Secure SAFE For Windows is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

F-Secure Messaging Security Gateway 17.0 and prior versions are vulnerable.

Information

Bugtraq ID: 102121
Class: Input Validation Error
CVE:
Remote: Yes
Local: No
Published: Jun 12 2017 12:00AM
Updated: Dec 11 2017 10:11AM
Credit: Juho Nurminen
Vulnerable: F-Secure SAFE for Windows 17.0

Not Vulnerable:

Exploit

Attackers can exploit this issue by enticing an unsuspecting victim to follow a malicious URI.

References:

• F-Secure SAFE Homepage (F-Secure)
  
• FSC-2017-4: Universal Cross-Site Scripting in F-Secure SAFE For Windows (F-secure)
  

Source: www.securityfocus.com