Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-3238

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2012-3238
Last Modified 10 Jul 2012 12:00:00
Published 09 Jul 2012 06:55:01
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-3238

Summary

Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the "Comment (optional)" field.

Vulnerable Systems

Application

  • Astaro Security Gateway Software 8.3

  • Sophos Unified Threat Management Software 8.3


References

CONFIRM - http://www.astaro.com/en-uk/blog/up2date/8305

MISC - http://security.inshell.net/advisory/27

FULLDISC - 20120610 [CVE-2012-3238] Astaro Security Gateway <= v8.304 Persistent Cross-Site Scripting Vulnerability


Last Updated: 27 May 2016 10:54:50