SA24 : Cross-Site Scripting Vulnerability in ProxySG Management Console

1136

03 March 2020

29 October 2007

CLOSED

HIGH

SUMMARY

A cross-site scripting (XSS) vulnerability has been reported in the handling of the URL that loads Certificate Revocation Lists into the appliance via the management console. If the URL is malformed in certain ways, the malformed text is treated as HTML and displayed to the user, instead of an error message being generated.
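The failure mode described above, shown next to a hardened form, as an added example that is not Blue Coat's code or the ProxySG implementation. The function names, the http/https allow-list and the sample URLs are assumptions constructed for illustration.

```python
import html
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumption: CRLs are fetched over HTTP(S)

# Constructed sample inputs (not taken from the advisory).
SAMPLE_VALID = "http://crl.example/ca.crl"
SAMPLE_MALFORMED = "http://crl.example/<i>list</i>.crl"


def validate_crl_url(url):
    """Return None when the CRL URL is acceptable, otherwise a short reason."""
    has_markup = any(ch in "<>\"'`" for ch in url)
    has_control = any(ord(ch) < 0x21 or ord(ch) == 0x7F for ch in url)
    if has_markup or has_control:
        return "URL contains characters that are not allowed"
    try:
        parts = urlsplit(url)
    except ValueError:
        return "URL could not be parsed"
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return "URL scheme must be http or https"
    if not parts.hostname:
        return "URL has no host"
    return None


def render_unsafe(url):
    # Behaviour the summary describes: the submitted text is written into
    # the page unchanged, so the browser parses any markup in it as HTML.
    return "<p>Loading CRL from " + url + "</p>"


def render_safe(url):
    # Hardened form: validate first, return an explicit error message,
    # and HTML-escape every piece of user-supplied text that is echoed.
    reason = validate_crl_url(url)
    echoed = html.escape(url, quote=True)
    if reason is not None:
        return ('<p class="error">Invalid CRL URL ('
                + html.escape(reason) + "): " + echoed + "</p>")
    return "<p>Loading CRL from " + echoed + "</p>"


if __name__ == "__main__":
    for sample in (SAMPLE_VALID, SAMPLE_MALFORMED):
        print("unsafe:", render_unsafe(sample))
        print("safe:  ", render_safe(sample))
```

Validation and output escaping are applied together here: the first produces the error message the summary says was missing, and the second keeps any echoed input inert even if a validation rule is later relaxed.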

MITIGATION

A workaround is for administrators to never visit any untrusted site while logged into the ProxySG management console.

ACKNOWLEDGEMENTS

Blue Coat Systems wishes to thank Adrian Pastor of ProCheckUp for working with us to resolve this issue.