Netentsec · Netentsec NS-ASG Application Security Gateway · CVE-2024-2648
**Name of the Vulnerable Software and Affected Versions**
Netentsec NS-ASG Application Security Gateway version 6.3
**Description**
A problematic issue was found in the affected software: an unknown function in the file /nac/naccheck.php is affected. Manipulating the `username` argument leads to improper neutralization of data within XPath expressions (XPath injection). The attack can be carried out remotely. The issue has been publicly disclosed and may be exploited.
**Recommendations**
Netentsec NS-ASG Application Security Gateway version 6.3: Update the software to a version in which this issue is resolved, or apply a vendor patch, if one is provided, that fixes the improper neutralization of data within XPath expressions. As a temporary workaround, consider restricting access to the /nac/naccheck.php file or disabling the affected function until a patch is available. Avoid using the `username` argument in the affected function until the issue is resolved.
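
While the workaround is in place, web access logs can be reviewed for requests to /nac/naccheck.php whose `username` value contains XPath syntax characters. The script below is an added example, not code from the vendor or from this advisory. It assumes a combined-format access log with the parameter in the query string, and its log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

TARGET_PATH = "/nac/naccheck.php"  # file named in the advisory
PARAM = "username"                 # argument named in the advisory
# Characters that carry syntax in XPath string literals and predicates.
XPATH_META = set("'\"[]()|=*<>/")
# Assumption: common/combined access log format, parameter in the query string.
# Values sent in a POST body do not appear in such logs and need other telemetry.
LOG_RE = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[0-9.]+"')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Apr/2024:10:01:02 +0000] "GET /nac/naccheck.php?username=alice HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Apr/2024:10:02:10 +0000] "GET /nac/naccheck.php?username=x%27%5D HTTP/1.1" 200 498',
    '198.51.100.7 - - [01/Apr/2024:10:02:11 +0000] "GET /nac/naccheck.php?username=x%2527 HTTP/1.1" 200 498',
    '203.0.113.5 - - [01/Apr/2024:10:03:00 +0000] "GET /index.php?username=a%27 HTTP/1.1" 200 100',
]

def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is inspected too."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan(lines):
    """Return (line_no, client_ip, decoded_value, metachars) for each flagged request."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        match = LOG_RE.match(line)
        if not match:
            continue
        url = urlsplit(match.group("target"))
        if unquote(url.path) != TARGET_PATH:
            continue  # only the file the advisory names is in scope
        for raw in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            value = decode_fully(raw)
            hits = sorted(set(value) & XPATH_META)
            if hits:
                findings.append((line_no, match.group("ip"), value, hits))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A hit is a lead for review rather than proof of exploitation, since a legitimate account name can contain an apostrophe.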