XSS in Skyhigh Security SWG
CVE-2023-0214

6.1MEDIUM

Key Information:

Vendor: Skyhigh Security
Status: Secure Web Gateway (swg)
Vendor: CVE Published:; 18 January 2023

🔔 Create Skyhigh Security Vulnerability Alert

What is CVE-2023-0214?

A cross-site scripting vulnerability in Skyhigh SWG in main releases 11.x prior to 11.2.6, 10.x prior to 10.2.17, and controlled release 12.x prior to 12.0.1 allows a remote attacker to craft SWG-specific internal requests with URL paths to any third-party website, causing arbitrary content to be injected into the response when accessed through SWG.

Affected Version(s)

Secure Web Gateway (SWG) 11.x < 11.2.6

Secure Web Gateway (SWG) 10.x < 10.2.17

Secure Web Gateway (SWG) 12.x < 12.0.1

References

https://kcm.trellix.com/corporate/index?page=content&id=S...

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 18, 2023
Vulnerability Reserved
Jan 11, 2023

Credit

RedTeam Pentesting GmbH