Lucene search

CVE-2023-0214

🗓️ 18 Jan 2023 11:10:15Reported by trellixType

cve🔗 web.nvd.nist.gov👁 31 Views🌐 WEB

A cross-site scripting vulnerability in Skyhigh SWG in main releases 11.x prior to 11.2.6, 10.x prior to 10.2.17, and controlled release 12.x prior to 12.0.1 allows a remote attacker to craft SWG-specific internal requests with URL paths to any third-party website, causing arbitrary content to be injected into the response when accessed through SWG

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 8
Prion	Cross site scripting	18 Jan 202311:15	–	prion
NVD	CVE-2023-0214	18 Jan 202311:15	–	nvd
0day.today	Secure Web Gateway 10.2.11 - Cross-Site Scripting Vulnerability	5 Apr 202300:00	–	zdt
0day.today	Secure Web Gateway 10.2.11 Cross Site Scripting Vulnerability	26 Jan 202300:00	–	zdt
Exploit DB	Secure Web Gateway 10.2.11 - Cross-Site Scripting (XSS)	5 Apr 202300:00	–	exploitdb
Vulnrichment	CVE-2023-0214 XSS in Skyhigh Security SWG	18 Jan 202310:49	–	vulnrichment
Packet Storm	Secure Web Gateway 10.2.11 Cross Site Scripting	26 Jan 202300:00	–	packetstorm
Cvelist	CVE-2023-0214 XSS in Skyhigh Security SWG	18 Jan 202310:49	–	cvelist

Nvd

Node

trellix skyhigh_secure_web_gatewayRange10.0.0–10.2.17

trellix skyhigh_secure_web_gatewayRange11.0.0–11.2.6

trellix skyhigh_secure_web_gatewayMatch12.0.0

[
  {
    "defaultStatus": "unaffected",
    "product": "Secure Web Gateway (SWG)",
    "vendor": "Skyhigh Security",
    "versions": [
      {
        "lessThan": "11.2.6",
        "status": "affected",
        "version": "11.x",
        "versionType": "custom"
      },
      {
        "lessThan": "10.2.17",
        "status": "affected",
        "version": "10.x",
        "versionType": "custom"
      },
      {
        "lessThan": "12.0.1",
        "status": "affected",
        "version": "12.x",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
kcm	www.kcm.trellix.com/corporate/index

Parameter	Position	Path	Description	CWE
target	query param	/mwg-internal/de5fs23hu73ds/plugin	Cross-site scripting vulnerability allowing injection of arbitrary content into responses by manipulating URL parameters through the SWG.	CWE-79
action	query param	/mwg-internal/de5fs23hu73ds/plugin	Cross-site scripting vulnerability allowing injection of arbitrary content into responses by manipulating URL parameters through the SWG.	CWE-79
v	query param	/mwg-internal/de5fs23hu73ds/plugin	Cross-site scripting vulnerability allowing injection of arbitrary content into responses by manipulating URL parameters through the SWG.	CWE-79
c	query param	/mwg-internal/de5fs23hu73ds/plugin	Cross-site scripting vulnerability allowing injection of arbitrary content into responses by manipulating URL parameters through the SWG.	CWE-79
p	query param	/mwg-internal/de5fs23hu73ds/plugin	Cross-site scripting vulnerability allowing injection of arbitrary content into responses by manipulating URL parameters through the SWG.	CWE-79

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

18 Jan 2023 11:15Current

6Medium risk

Vulners AI Score6

CVSS36.1

EPSS0.05728

SSVC

CWE-79