CVE-2018-18370

Published: Aug 29, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. A stored cross-site scripting (XSS) vulnerability in the WebFTP mode allows a remote attacker to inject malicious JavaScript code in ASG/ProxySG's web listing of a remote FTP server. Exploiting the vulnerability requires the attacker to be able to upload crafted files to the remote FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2.

Vendor	Product	Versions
Symantec Corporation	Symantec Advanced Secure Gateway (ASG)	affected `6.6 and 6.7 prior to 6.7.4.2`
Symantec Corporation	Symantec ProxySG	affected `6.5 prior to 6.5.10.15` affected `6.6` affected `6.7 prior to 6.7.4.2`

References

https://support.symantec.com/us/en/article.SYMSA1472.html

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2018-18370

Description

Affected Products

References