CVE-2023-0214
Published 2023-01-18
Priority: P3 (38), medium, 6.1 (CVSS 3.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 1.89% (77.0th percentile)
A cross-site scripting vulnerability in Skyhigh SWG in main releases 11.x prior to 11.2.6, 10.x prior to 10.2.17, and controlled release 12.x prior to 12.0.1 allows a remote attacker to craft SWG-specific internal requests with URL paths to any third-party website, causing arbitrary content to be injected into the response when accessed through SWG.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| skyhigh_security | secure_web_gateway | >= 10.x < 10.2.17 | 10.2.17 |
| skyhigh_security | secure_web_gateway | >= 11.x < 11.2.6 | 11.2.6 |
| skyhigh_security | secure_web_gateway | >= 12.x < 12.0.1 | 12.0.1 |
| trellix | skyhigh_secure_web_gateway | — | — |
| trellix | skyhigh_secure_web_gateway | >= 10.0.0 < 10.2.17 | 10.2.17 |
| trellix | skyhigh_secure_web_gateway | >= 11.0.0 < 11.2.6 | 11.2.6 |
No detection rules found.
No writeups or analysis indexed.