Description
Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the "Comment (optional)" field.
References (3)
Core 3
Core References
Third Party Advisory mailing-list
x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2012-06/0206.html
Exploit x_refsource_misc
http://security.inshell.net/advisory/27
Patch x_refsource_confirm
http://www.astaro.com/en-uk/blog/up2date/8305
Scores
EPSS
0.0054
EPSS Percentile
67.8%
Details
CWE
CWE-79
Status
published
Products (10)
astaro/security_gateway
astaro/security_gateway_software
< 8.3
sophos/unified_threat_management
110
sophos/unified_threat_management
120
sophos/unified_threat_management
220
sophos/unified_threat_management
320
sophos/unified_threat_management
425
sophos/unified_threat_management
525
sophos/unified_threat_management
625
sophos/unified_threat_management_software
< 8.3
Published
Jul 09, 2012
Tracked Since
Feb 18, 2026