CVE-2018-18370

MEDIUM

Broadcom Advanced Secure Gateway and ProxySG 6.5-6.7 - Stored Cross-Site Scripting in WebFTP Mode

Title source: llm
STIX 2.1

Description

The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. A stored cross-site scripting (XSS) vulnerability in the WebFTP mode allows a remote attacker to inject malicious JavaScript code in ASG/ProxySG's web listing of a remote FTP server. Exploiting the vulnerability requires the attacker to be able to upload crafted files to the remote FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_confirm
https://support.symantec.com/us/en/article.SYMSA1472.html

Scores

CVSS v3 6.1
EPSS 0.0025
EPSS Percentile 48.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (4)
broadcom/advanced_secure_gateway 6.6
broadcom/advanced_secure_gateway 6.7 - 6.7.4.2
broadcom/symantec_proxysg 6.6
broadcom/symantec_proxysg 6.5 - 6.5.10.15
Published Aug 30, 2019
Tracked Since Feb 18, 2026