SEC Consult SA-20141031-0 :: XML External Entity Injection (XXE) and Reflected XSS in Scalix Web Access

Posted by SEC Consult Vulnerability Lab on Oct 31

SEC Consult Vulnerability Lab Security Advisory < 20141031-0 >
=======================================================================
title: XML External Entity Injection (XXE) and Reflected XSS
product: Scalix Web Access
vulnerable version: 11.4.6.12377 and 12.2.0.14697
fixed version: –
impact: Critical
homepage: http://www.scalix.com/
found: 2014-08-27…

Leave a Reply