SAINT Security Advisory #13

Date: April 19, 2019
Affected Software: SAINT 9.2 through 9.5.14
Severity: medium
Advisory URL: http://download.saintcorporation.com/products/saint_advisory13.txt

IMPACT

A remote attacker who is able to trick an authenticated SAINT user into clicking on a malicious link could gain unauthorized access to the SAINT web interface.

PROBLEM DESCRIPTION

The SAINT web interface does not sufficiently sanitize query string parameters, allowing cross-site scripting attacks.

MITIGATING FACTORS

An authenticated SAINT user would need to click on a malicious link provided by an attacker in order for this vulnerability to be exploited.

RESOLUTION

Upgrade to SAINT 9.5.15 or higher.

CONTACT INFORMATION

For more information about this advisory, please contact SAINT technical support at https://support.saintcorporation.com.

ACKNOWLEDGEMENTS

Thanks to David Bloom for reporting this vulnerability.

Copyright 2019 SAINT Corporation.