[RT-SA-2022-002] Skyhigh Security Secure Web Gateway: Cross-Site Scripting in Single
<p>Posted by RedTeam Pentesting GmbH on Jan 26</p>RedTeam Pentesting identified a vulnerability which allows attackers to<br>
craft URLs to any third-party website that result in arbitrary content<br>
to be injected into the response when accessed through the Secure Web<br>
Gateway. While it is possible to inject arbitrary content types, the<br>
primary risk arises from JavaScript code allowing for cross-site<br>
scripting.<br>
<br>
Details<br>
=======<br>
<br>
Product: Secure Web Gateway<br>
Affected Versions: 10.2.11, potentially other...<br>
<p>Posted by RedTeam Pentesting GmbH on Jan 26</p>RedTeam Pentesting identified a vulnerability which allows attackers to<br>
craft URLs to any third-party website that result in arbitrary content<br>
to be injected into the response when accessed through the Secure Web<br>
Gateway. While it is possible to inject arbitrary content types, the<br>
primary risk arises from JavaScript code allowing for cross-site<br>
scripting.<br>
<br>
Details<br>
=======<br>
<br>
Product: Secure Web Gateway<br>
Affected Versions: 10.2.11, potentially other...<br>