CVE-2012-3238 — Cross-site Scripting in Security Gateway Software

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.5%

top 32.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Astaro Security Gateway Software Sophos Unified Threat Management Software Sophos Unified Threat Management

Timeline

PublishedJul 9

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the "Comment (optional)" field.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶NVDastaro/security_gateway_software8.3

▶NVDsophos/unified_threat_management_software8.3

▶NVDsophos/unified_threat_management7 versions+6

Patches

Patch: www.astaro.com ↗Patch: www.astaro.com ↗

🔴Vulnerability Details

GHSA

GHSA-rhrx-w7gw-xwvg: Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8↗2022-05-17

▶

CVEList

CVE-2012-3238: Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8↗2012-07-09

▶