CVE-2023-0214

Опубликовано: 18 янв. 2023

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

A cross-site scripting vulnerability in Skyhigh SWG in main releases 11.x prior to 11.2.6, 10.x prior to 10.2.17, and controlled release 12.x prior to 12.0.1 allows a remote attacker to craft SWG-specific internal requests with URL paths to any third-party website, causing arbitrary content to be injected into the response when accessed through SWG.

Ссылки

https://kcm.trellix.com/corporate/index?page=content&id=SB10393
Vendor Advisory
https://kcm.trellix.com/corporate/index?page=content&id=SB10393
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:trellix:skyhigh_secure_web_gateway:*:*:*:*:*:*:*:*

Версия от 10.0.0 (включая) до 10.2.17 (исключая)

cpe:2.3:a:trellix:skyhigh_secure_web_gateway:*:*:*:*:*:*:*:*

Версия от 11.0.0 (включая) до 11.2.6 (исключая)

cpe:2.3:a:trellix:skyhigh_secure_web_gateway:12.0.0:*:*:*:*:*:*:*

EPSS

Процентиль: 92%

0.08858

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-fwv5-6pxv-2xm7