Astaro Security Gateway 8.1 - HTML Injection

source: https://www.securityfocus.com/bid/51301/info

Astaro Security Gateway is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would run in the context of the affected website, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user.

Astaro Security Gateway 8.1 is vulnerable; other versions may also be affected. 

<div style="left: 300px; top: 220px; z-index: 2000; visibility: visible;" class="iPopUp" id="iPopup_2"><div 

class="iPopUpTitle">Please confirm:</div><div class="iPopUpText"><p>&#8203;&#8203;&#8203;&#8203;&#8203;Are you sure 
that you want to delete the X509 certificate 

with private key object '>"<INCLUDED PERSISTENT SCRIPTCODE HERE!!!">'?</p></iframe></p></div><table border="0" 

cellpadding="0" cellspacing="0"><tbody><tr><td style="padding: 2px;"><div id="btnDefault_iPopup_2" class="button" 
style="width: 

auto; cursor: pointer; color: black; font-weight: bold;"><div class="button_left"></div><div class="button_center" 
style="width: 

auto;"><span style="font-weight: normal;">OK</span></div><div 
class="button_right"></div></div></td>&#8203;&#8203;&#8203;&#8203;&#8203;<td style="padding: 

2px;"><div class="button" style="width: auto; cursor: pointer; color: black;"><div class="button_left"></div><div 

class="button_center" style="width: auto;"><span style="font-weight: normal;">Cancel</span></div><div 

class="button_right"></div></div></td></tr></tbody></table></div>

        ../index.dat