NVD

Id
50928  
Name
CVE-2009-3748  
Description
Multiple cross-site scripting (XSS) vulnerabilities in the Web Administrator in Websense Personal Email Manager 7.1 before Hotfix 4 and Email Security 7.1 before Hotfix 4 allow remote attackers to inject arbitrary web script or HTML via the (1) FileName, (2) IsolatedMessageID, (3) ServerName, (4) Dictionary, (5) Scoring, and (6) MessagePart parameters to web/msgList/viewmsg/actions/msgAnalyse.asp; the (7) Queue, (8) FileName, (9) IsolatedMessageID, and (10) ServerName parameters to actions/msgForwardToRiskFilter.asp and viewHeaders.asp in web/msgList/viewmsg/; and (11) the subject in an e-mail message that is held in a Queue.  
Reject
 
CVSS Version
2  
CVSS Score
4.3  
Severity
Medium  
CVSS Base Score
4.3  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:N/I:P/A:N)  
Pub Date
2017-01-07  
Published
2009-10-22  
Modified Date
2009-10-29  
Seq
2009-3748  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
257917 50928 CVE-2009-3748 http://kb.websense.com/display/4/kb/article.aspx?aid=4786  View
257918 50928 CVE-2009-3748 http://sotiriu.de/adv/NSOADV-2009-003.txt  View
257919 50928 CVE-2009-3748 20091020 NSOADV-2009-003: Websense Email Security Cross Site Scripting  View
257920 50928 CVE-2009-3748 36741  View
257921 50928 CVE-2009-3748 ADV-2009-2987  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
45424 JVNDB-2009-006431 Websense Personal Email Manager および Email Security の Web Administrator におけるクロスサイトスクリプティングの脆弱性 Websense Personal Email Manager および Email Security の Web Administrator には、クロスサイトスクリプティングの脆弱性が存在します。 CVE-2009-3748 41179 CVE-2009-3748 50928 4.3 http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-006431.html 2009-10-22 2012-12-20 View