CVE-2012-3238

Sažetak

Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the "Comment (optional)" field.

Reference

http://archives.neohapsis.com/archives/fulldisclosure/2012-06/0206.html
http://security.inshell.net/advisory/27
http://www.astaro.com/en-uk/blog/up2date/8305

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

10-07-2012 - 04:00

Objavljeno

09-07-2012 - 22:55