1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar

Product Security

FSC-2011-2: Cross-site Scripting Vulnerability


Brief Description

A cross-site scripting and path disclosure vulnerability exist in the WebReporting module of F-Secure Policy Manager.

Mitigating Factors

The WebReporting interface is typically used internally in corporate networks which limits the number of remote hosts that can attempt to exploit this vulnerability.

Affected Platforms   

All platforms supported by the affected products.


Risk Level: MEDIUM (Low/Medium/High/Critical)

•  F-Secure Policy Manager versions 7.x, 8.x and 9.x


F-Secure recommends that administrators of the affected systems patch or upgrade their systems.


F-Secure Corporation wants to thank Sow Ching Shiong for bringing this issue to our attention.

Patch Available

Product Versions        Download
F-Secure Policy Manager for Windows 8.00 ftp://ftp.f-secure.com/support/hotfix/fspm/fspm-8.00-windows-hotfix-2.zip
F-Secure Policy Manager for Windows 8.1x ftp://ftp.f-secure.com/support/hotfix/fspm/fspm-8.1x-windows-hotfix-3.zip
F-Secure Policy Manager for Windows 9.00 ftp://ftp.f-secure.com/support/hotfix/fspm/fspm-9.00-windows-hotfix-4.zip
F-Secure Policy Manager for Linux 8.00 ftp://ftp.f-secure.com/support/hotfix/fspm-linux/fspm-8.00-linux-hotfix-2.zip
F-Secure Policy Manager for Linux 8.1x ftp://ftp.f-secure.com/support/hotfix/fspm-linux/fspm-8.1x-linux-hotfix-2.zip
F-Secure Policy Manager for Linux 9.00 ftp://ftp.f-secure.com/support/hotfix/fspm-linux/fspm-9.00-linux-hotfix-2.zip

Date Issued: 2011-02-24
Last Updated: 2011-02-24

F-Secure Community

Give advice. Get advice. Share the knowledge on our free discussion forum.

Get Support online

For documentation and product support, visit our Support site.