CVE-2023-0214
Published: 18 January 2023
Summary
CVE-2023-0214 is a medium-severity Cross-site Scripting (CWE-79) vulnerability in Trellix Skyhigh Secure Web Gateway. Its CVSS base score is 6.1 (Medium).
Operationally, it ranks in the top 11.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
Deeper analysis
A cross-site scripting vulnerability exists in Skyhigh Secure Web Gateway (SWG) due to improper handling of URL paths in internal requests. The affected releases are mainline 11.x versions prior to 11.2.6, 10.x versions prior to 10.2.17, and the controlled 12.x release prior to 12.0.1. The flaw is tracked as CWE-79 and carries a CVSS 3.1 base score of 6.1.
An unauthenticated remote attacker can craft SWG-specific requests that reference arbitrary third-party sites. When a victim later accesses the gateway, the attacker-supplied content is reflected into the HTTP response, enabling limited injection of scripts or markup that executes in the context of the SWG origin.
Trellix has published security bulletin SB10393, which directs customers to apply the listed maintenance releases that contain the fix.
The EPSS probability rose from a low baseline to a peak of 0.0886 before receding to the current value of 0.0390, indicating a period of elevated exploitation interest after public disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-12303
Vulnerability details
A cross-site scripting vulnerability in Skyhigh SWG in main releases 11.x prior to 11.2.6, 10.x prior to 10.2.17, and controlled release 12.x prior to 12.0.1 allows a remote attacker to craft SWG-specific internal requests with URL paths to any third-party website, causing arbitrary content to be injected into the response when accessed through SWG.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Penetration testing submits XSS payloads to web applications, detecting cross-site scripting flaws for subsequent remediation.
Input validation rejects script-related content in web inputs that could produce XSS.
Output validation against expected content can reject or sanitize script content in generated web pages, reducing XSS exploitability.