Two vulnerabilities have been reported in IBM Lotus Protector for Mail Security and Proventia Network Mail Security System, which can be exploited by malicious users to disclose potentially sensitive information and by malicious people to conduct cross-site scripting attacks.

1) Input passed via the "template" parameter to javatester_init.php is not properly verified before being used to display files. This can be exploited to disclose the contents of arbitrary files via directory traversal sequences.

Successful exploitation of this vulnerability requires access to the administrative user interface (UI).

2) Input passed via the "alertID" parameter to pvm_eventlog_backend/logs_eventDetails.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerabilities are reported in versions 2.1, 2.5, 2.5.1, and 2.8.

Solution
Apply updates (please see the vendor's advisory for details).

Provided and/or discovered by
muts, Offensive Security via US-CERT.

Changelog
Further details available to Secunia VIM customers

Original Advisory
IBM:
http://www.ibm.com/support/docview.wss?uid=swg21605199
http://www.ibm.com/support/docview.wss?uid=swg21605630
http://www.ibm.com/support/docview.wss?uid=swg21605626

muts:
http://www.exploit-db.com/exploits/20368/

Other references
Further details available to Secunia VIM customers

Deep Links
Links available to Secunia VIM customers