CVE-2012-3238 - Unpurified Thanks

Description

Cross-site scripting (XSS) vulnerability in the Backup/Restore component in WebAdmin in Astaro Security Gateway before 8.305 allows remote attackers to inject arbitrary web script or HTML via the \Comment (optional)\ field.

Reference

http://archives.neohapsis.com/archives/fulldisclosure/2012-06/0206.html http://www.astaro.com/en-uk/blog/up2date/8305 http://security.inshell.net/advisory/27