Vulnerability Description
Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the "Comment (optional)" field.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Astaro | Security Gateway Software | <= 8.3 |
| Astaro | Security Gateway | All versions |
| Sophos | Unified Threat Management Software | <= 8.3 |
| Sophos | Unified Threat Management | 110 |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/fulldisclosure/2012-06/0206.html
- http://security.inshell.net/advisory/27 (Exploit)
- http://www.astaro.com/en-uk/blog/up2date/8305 (Patch)
FAQ
What is CVE-2012-3238?
CVE-2012-3238 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the "Com...
How severe is CVE-2012-3238?
CVE-2012-3238 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2012-3238?
Check the references section above for vendor advisories and patch information. Affected products include: Astaro Security Gateway Software, Astaro Security Gateway, Sophos Unified Threat Management Software, Sophos Unified Threat Management.