header-logo
Suggest Exploit
vendor:
Web Gateway
by:
Unknown
7.5
CVSS
HIGH
Cross-Site Scripting
79
CWE
Product Name: Web Gateway
Affected Version From: Prior to Web Gateway 48.1.1
Affected Version To:
Patch Exists: YES
Related CWE:
CPE: a:web_gateway:web_gateway
Metasploit:
Other Scripts:
Platforms Tested:
2008

Cross-Site Scripting Vulnerability in Web Gateway

The Web Gateway software is vulnerable to a cross-site scripting (XSS) attack due to insufficient input sanitization. An attacker can inject arbitrary script code into the affected site, potentially leading to the theft of authentication credentials and other malicious activities.

Mitigation:

To mitigate this vulnerability, it is recommended to update to Web Gateway version 48.1.1 or later. Additionally, input should be properly sanitized to prevent XSS attacks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/26419/info

Web Gateway is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker to steal cookie-based authentication credentials and to launch other attacks.

This issue affects versions prior to Web Gateway 48.1.1. 

http://somevtlsweb.net/cgi-bin/vtls/vtls.web.gateway?authority=1&searchtype=subject%22%3E%3Ch1%3E%3Cmarquee%3EXSS%20bug%3C/marquee%3E%3C/h1%3E%3C!--&kind=ns&conf=080104+++++++

Navigation

Suggest Exploit

Services By CQR