cbcvebase.
CVE-2023-0214
published 2023-01-18


Priority: P3 | 38 | medium | 6.1 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 1.89% (77.0th percentile)

A cross-site scripting vulnerability in Skyhigh SWG in main releases 11.x prior to 11.2.6, 10.x prior to 10.2.17, and controlled release 12.x prior to 12.0.1 allows a remote attacker to craft SWG-specific internal requests with URL paths to any third-party website, causing arbitrary content to be injected into the response when accessed through SWG.

Affected

6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| skyhigh_security | secure_web_gateway | >= 10.x < 10.2.17 | 10.2.17 |
| skyhigh_security | secure_web_gateway | >= 11.x < 11.2.6 | 11.2.6 |
| skyhigh_security | secure_web_gateway | >= 12.x < 12.0.1 | 12.0.1 |
| trellix | skyhigh_secure_web_gateway | | |
| trellix | skyhigh_secure_web_gateway | >= 10.0.0 < 10.2.17 | 10.2.17 |
| trellix | skyhigh_secure_web_gateway | >= 11.0.0 < 11.2.6 | 11.2.6 |