MEDIUM✓ PATCH🇵🇱 Wersja polska

CVE-2012-3238

CVSS 4.3v2.0pub. 2012-07-09upd. 2026-04-29

Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the "Comment (optional)" field.

CVSS Vector
AV:N/AC:M/Au:N/C:N/I:P/A:N
  • Astaro Security Gateway

    HW
    Astaro
    wszystkie wersje
  • Astaro Security Gateway Software

    APP
    Astaro
    ≤ 8.3
  • Sophos Unified Threat Management

    HW
    Sophos
    110120220320425525625
  • Sophos Unified Threat Management Software

    APP
    Sophos
    ≤ 8.3
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
XSS
CWE
References

Related vulnerabilities

CVE-2020-25223CRITICAL9.8⚠ KEVten sam produkt

A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, a...

CVE-2022-0386HIGH8.8ten sam produkt

A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated attacker to ex...

CVE-2015-7547HIGH8.1ten sam produkt

Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in...

CVE-2016-0778HIGH8.1ten sam produkt

The (1) roaming_read and (2) roaming_write functions in roaming_common.c in the client in OpenSSH 5.x, 6.x, an...

CVE-2014-2537HIGH7.8ten sam produkt

Memory leak in the TCP stack in the kernel in Sophos UTM before 9.109 allows remote attackers to cause a denia...