PT-2024-25474 · Iboss · Iboss Secure Web Gateway

Modrnproph3T · Published 2024-04-06 · Updated 2024-06-06 · CVE-2024-3378

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

iboss Secure Web Gateway versions up to 10.1

Description

A vulnerability has been found in the iboss Secure Web Gateway, affecting an unknown functionality of the file "/login" of the component Login Portal. The manipulation of the redirectUrl argument leads to cross-site scripting. The attack can be launched remotely.

Recommendations

For iboss Secure Web Gateway versions up to 10.1, upgrade to version 10.2.0.160 to address this issue. As a temporary workaround, consider restricting access to the "/login" endpoint or disabling the manipulation of the redirectUrl argument until the upgrade is applied.

Exploit

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2024-3378

Affected Products

Iboss Secure Web Gateway