SA24: Cross-Site Scripting Vulnerability in ProxySG Management Console
1136
03 March 2020
29 October 2007
CLOSED
HIGH
SUMMARY
A cross-site scripting (XSS) vulnerability has been reported in the handling of the URL that loads Certificate Revocation Lists into the appliance via the management console. If the URL is malformed in certain ways, the malformed text is treated as HTML and displayed to the user, instead of an error message being generated.
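The failure mode described above, next to a corrected form, as an added example that is not Blue Coat's code. The function names, the http/https allow-list, the length limit and the sample URL are all assumptions made for illustration.

```python
import html
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumption: CRLs are fetched over HTTP(S)

# Constructed sample input: a CRL URL carrying harmless markup in its path.
SAMPLE_MALFORMED = "http://crl.example.test/<b>ca</b>.crl"


def validate_crl_url(raw):
    """Return (ok, reason); accept only a plain, printable http(s) URL."""
    if not raw or len(raw) > 2048:
        return False, "URL is empty or too long"
    # Reject whitespace, control and non-ASCII characters and HTML metacharacters.
    if any(ord(c) < 0x21 or ord(c) > 0x7E or c in "<>\"'`" for c in raw):
        return False, "URL contains characters that are not allowed"
    try:
        parts = urlsplit(raw)
        parts.port  # accessing .port raises ValueError for a bad port
    except ValueError:
        return False, "URL could not be parsed"
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "URL scheme must be http or https"
    if not parts.hostname:
        return False, "URL has no host"
    return True, ""


def render_unsafe(raw):
    # Pattern from the summary: the malformed text goes into the page as HTML.
    return "<p>Could not load CRL from " + raw + "</p>"


def render_safe(raw):
    # Validate first; on failure emit an error message, and HTML-encode
    # every piece of user-supplied text before it reaches the page.
    ok, reason = validate_crl_url(raw)
    shown = html.escape(raw, quote=True)
    if ok:
        return "<p>Loading CRL from " + shown + "</p>"
    return ("<p>Invalid CRL URL: " + html.escape(reason) + "</p>"
            "<p>Rejected input: <code>" + shown + "</code></p>")
```
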
MITIGATION
A workaround is for administrators to never visit any untrusted site while logged into the ProxySG management console.
ACKNOWLEDGEMENTS
Blue Coat Systems wishes to thank Adrian Pastor of ProCheckUp for working with us to resolve this issue.