First published: Mon Jul 09 2012(Updated: )
Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the "Comment (optional)" field.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Sophos Astaro Security Gateway | <=8.3 | |
Sophos Astaro Security Gateway | ||
Sophos Unified Threat Management | <=8.3 | |
Sophos Unified Threat Management | =110 | |
Sophos Unified Threat Management | =120 | |
Sophos Unified Threat Management | =220 | |
Sophos Unified Threat Management | =320 | |
Sophos Unified Threat Management | =425 | |
Sophos Unified Threat Management | =525 | |
Sophos Unified Threat Management | =625 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2012-3238 is rated as a medium severity vulnerability due to its potential for Cross-site scripting (XSS) attacks.
To fix CVE-2012-3238, update the Astaro Security Gateway software to version 8.305 or later.
CVE-2012-3238 is a Cross-site scripting (XSS) vulnerability in the Backup/Restore component of WebAdmin.
CVE-2012-3238 affects Astaro Security Gateway versions prior to 8.305 and several versions of Sophos Unified Threat Management.
Yes, CVE-2012-3238 can be exploited remotely by attackers to inject arbitrary web scripts or HTML.