I. VULNERABILITY ------------------------- Reflected XSS Attacks vulnerability in Symantec Messaging Gateway Version 10.5.1 II. BACKGROUND ------------------------- Symantec Corporation is an American computer security, backup and availability solutions software corporation headquartered in Mountain View, California, United States. It is a Fortune 500 company and a member of the S&P 500 stock market index III. DESCRIPTION ------------------------- Has been detected a Reflected XSS vulnerability in Messaging Gateway Version. The code injection is done through the parameter "displayTab" in the page ?/brightmail/setting/compliance/DlpConnectFlow$view.flo?displayTab=? IV. PROOF OF CONCEPT ------------------------- The application does not validate the parameter ?operand[]? correctly. https://10.200.210.143/brightmail/setting/compliance/DlpConnectFlow$view.flo?displayTab=aaaaa')</script><script>alert(?XSS?)</script><script>{(' V. BUSINESS IMPACT ------------------------- An attacker can execute arbitrary HTML or script code in a targeted user's browser, that allows the execution of arbitrary HTML/script code to be executed in the context of the victim user's browser. VI. SYSTEMS AFFECTED ------------------------- Tested in Symantec Messaging Gateway Version 10.5.1 VMWare VII. SOLUTION ------------------------- Upgrade Symantec Messaging Gateway 10.5.2 VIII. References ------------------------- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140422_00 http://www.securityfocus.com/bid/66966/info By William Costa william.costa@gmail.com