CVE-2018-18370
 
0 Exploited in Wild
Descriptions
The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. A stored cross-site scripting (XSS) vulnerability in the WebFTP mode allows a remote attacker to inject malicious JavaScript code in ASG/ProxySG's web listing of a remote FTP server. Exploiting the vulnerability requires the attacker to be able to upload crafted files to the remote FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2.
SSVC
- Decision: -
Timeline
- 2018-10-15 CVE Reserved
- 2019-08-29 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
References (1)
URL | Date | SRC |
---|---|---|
https://support.symantec.com/us/en/article.SYMSA1472.html | 2021-07-08 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Broadcom | Advanced Secure Gateway | >= 6.7 < 6.7.4.2 | - | Affected |
Broadcom | Advanced Secure Gateway | 6.6 | - | Affected |
Broadcom | Symantec Proxysg | >= 6.5 < 6.5.10.15 | - | Affected |
Broadcom | Symantec Proxysg | >= 6.7 < 6.7.4.2 | - | Affected |
Broadcom | Symantec Proxysg | 6.6 | - | Affected |