CVE-2014-2844

low

Published 2014-04-18 · Modified 2026-05-06

CVSS v3

—

CVSS v2

3.5

VIR risk

3.5

Description

Cross-site scripting (XSS) vulnerability in F-Secure Messaging Secure Gateway 7.5.0 before Patch 1862 allows remote authenticated administrators to inject arbitrary web script or HTML via the new parameter in the SysUser module to admin.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://www.f-secure.com/en/web/labs_global/fsc-2014-2

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://secunia.com/advisories/58038

Application impact

Vendor	Product	Versions	Fixed
f-secure	secure_messaging_secure_gateway	`7.5.0`

References

http://seclists.org/fulldisclosure/2014/Apr/223
http://secunia.com/advisories/58038
http://www.f-secure.com/en/web/labs_global/fsc-2014-2
http://seclists.org/fulldisclosure/2014/Apr/223
http://secunia.com/advisories/58038
http://www.f-secure.com/en/web/labs_global/fsc-2014-2

CWEs

CWE-79

Verify integrity in audit chain (admin only). AS-IS.