CVE-2018-18370
N/A
N/A
Summary
The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. A stored cross-site scripting (XSS) vulnerability in the WebFTP mode allows a remote attacker to inject malicious JavaScript code in ASG/ProxySG's web listing of a remote FTP server. Exploiting the vulnerability requires the attacker to be able to upload crafted files to the remote FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Symantec Corporation | Symantec Advanced Secure Gateway (ASG) | 6.6 and 6.7 prior to 6.7.4.2 | affected |
| Symantec Corporation | Symantec ProxySG | 6.5 prior to 6.5.10.15 | affected |
| Symantec Corporation | Symantec ProxySG | 6.6 | affected |
| Symantec Corporation | Symantec ProxySG | 6.7 prior to 6.7.4.2 | affected |
Weaknesses
- Cross-site-scripting (XSS)
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.