CVE-2023-0214

MEDIUM

Skyhigh SWG < 11.2.6 / 10.2.17 / 12.0.1 - XSS

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2023-0214. PoCs published by RedTeam Pentesting GmbH, 0pts.

AI-analyzed exploit summary: The exploit details a Cross-Site Scripting (XSS) vulnerability in Secure Web Gateway 10.2.11, where attackers can inject arbitrary headers and body content via the 'p' parameter in the 'SetLoginToken' action, leading to XSS attacks. The PoC demonstrates header injection to return arbitrary HTML/JavaScript content.

Description

A cross-site scripting vulnerability in Skyhigh SWG in main releases 11.x prior to 11.2.6, 10.x prior to 10.2.17, and controlled release 12.x prior to 12.0.1 allows a remote attacker to craft SWG-specific internal requests with URL paths to any third-party website, causing arbitrary content to be injected into the response when accessed through SWG.

Exploits (2)

exploitdb WRITEUP
by RedTeam Pentesting GmbH · text · webapps · multiple
https://www.exploit-db.com/exploits/51237

Classification: Writeup 100%
Attack Type: XSS
Complexity: Moderate
Reliability: Reliable
Target: Secure Web Gateway 10.2.11
No auth needed
Prerequisites: Access to the SWG proxy · Knowledge of the '/mwg-internal/de5fs23hu73ds/' prefix
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC
by 0pts · poc
https://github.com/0pts/CVE-2023-0214

This repository contains a functional proof-of-concept exploit for CVE-2023-0214, an HTTP Response Splitting vulnerability in Skyhigh Secure Web Gateway (formerly McAfee Web Gateway). The exploit leverages improper handling of URL parameters to inject arbitrary HTTP headers and HTML/JavaScript payloads.

Classification: Working PoC 95%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Skyhigh Secure Web Gateway (formerly McAfee Web Gateway)
No auth needed
Prerequisites: Access to the target Skyhigh Secure Web Gateway instance
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 6.1
EPSS 0.0191
EPSS Percentile 77.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE: CWE-79
Status published
Products (2)
trellix/skyhigh_secure_web_gateway 12.0.0
trellix/skyhigh_secure_web_gateway 10.0.0 - 10.2.17
Published Jan 18, 2023
Tracked Since Feb 18, 2026