F-Secure Policy Manager Web Reporting allow administrators to identify computers that are unprotected or vulnerable to virus outbreaks before they actually occur.
Sow Ching Shiong, an independent vulnerability researcher has identified a Path Disclosure and Cross-Site Scripting vulnerability in F-Secure Policy Manager Web Reporting. This issue was discovered in a default installation of F-Secure Policy Manager Web Reporting 9.00.30231. Other earlier versions may also be affected.
Proof of concept
Cross-Site Scripting (XSS)
F-Secure recommends that administrators of the affected systems patch or upgrade their systems.
Vendor URL: http://www.f-secure.com/en/web/labs_global/fsc-2011-2
2011-01-17 - Vulnerability discovered.
2011-01-17 - Vulnerability reported to Secunia.
2010-01-25 - Secunia confirmed the vulnerability and contacted the vendor.
2011-02-24 - Patch released.
2011-02-24 - Advisory published by Secunia.