Lucene search
K

CVE-2023-0214

🗓️ 18 Jan 2023 10:49:16Reported by trellixType 
cve
 cve
🔗 web.nvd.nist.gov👁 46 Views🌐 WEB

A cross-site scripting vulnerability in Skyhigh SWG in main releases 11.x prior to 11.2.6, 10.x prior to 10.2.17, and controlled release 12.x prior to 12.0.1 allows a remote attacker to craft SWG-specific internal requests with URL paths to any third-party website, causing arbitrary content to be injected into the response when accessed through SWG

Related
Detection
Affected
Refs
Paths
ReporterTitlePublishedViews
Family
0day.today
Secure Web Gateway 10.2.11 Cross Site Scripting Vulnerability
26 Jan 202300:00
zdt
0day.today
Secure Web Gateway 10.2.11 - Cross-Site Scripting Vulnerability
5 Apr 202300:00
zdt
Circl
CVE-2023-0214
3 Apr 202518:35
circl
CNNVD
McAfee Skyhigh Secure Web Gateway 跨站脚本漏洞
18 Jan 202300:00
cnnvd
Cvelist
CVE-2023-0214 XSS in Skyhigh Security SWG
18 Jan 202310:49
cvelist
Exploit DB
Secure Web Gateway 10.2.11 - Cross-Site Scripting (XSS)
5 Apr 202300:00
exploitdb
EUVD
EUVD-2023-12303
3 Oct 202520:07
euvd
NVD
CVE-2023-0214
18 Jan 202311:15
nvd
OSV
CVE-2023-0214
18 Jan 202311:15
osv
Packet Storm
Secure Web Gateway 10.2.11 Cross Site Scripting
26 Jan 202300:00
packetstorm
Rows per page
NVD
[
  {
    "defaultStatus": "unaffected",
    "product": "Secure Web Gateway (SWG)",
    "vendor": "Skyhigh Security",
    "versions": [
      {
        "lessThan": "11.2.6",
        "status": "affected",
        "version": "11.x",
        "versionType": "custom"
      },
      {
        "lessThan": "10.2.17",
        "status": "affected",
        "version": "10.x",
        "versionType": "custom"
      },
      {
        "lessThan": "12.0.1",
        "status": "affected",
        "version": "12.x",
        "versionType": "custom"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
pquery parammwg-internal/de5fs23hu73ds/pluginCross-site scripting via SWG internal plugin SetLoginToken allowing arbitrary headers/body by injecting p parameterCWE-79
vquery parammwg-internal/de5fs23hu73ds/pluginCross-site scripting via SWG internal plugin SetLoginToken allowing arbitrary headers/body by injecting p parameterCWE-79
cquery parammwg-internal/de5fs23hu73ds/pluginCross-site scripting via SWG internal plugin SetLoginToken allowing arbitrary headers/body by injecting p parameterCWE-79

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 05:25Current
6Medium risk
Vulners AI Score6
CVSS 3.16.1
EPSS0.0189
SSVC
46