A critical XSS Reflected vulnerability has been found in the VIP Enterprise Gateway (EG) console.
XSS Reflected definition: Reflected attacks are those where the injected script is reflected off the web server. Attacks can be found in an error message, search result, or any other response. These responses include some or all of the input that is sent to the server as part of the request. Reflected attacks are delivered to victims by another route, such as in an email message, or on some other website. A user is tricked into clicking on a malicious link, submitting a specially crafted form, or browsing to a malicious site. The injected code travels to the vulnerable website, which reflects the attack back to the user’s browser. The browser then executes the code because it came from a "trusted" server. (X-XSS-Protection)
This issue was resolved in VIP Enterprise Gateway 9.9.2.
This issue was resolved in VIP Enterprise Gateway 9.9.2. Upgrade to the latest version of VIP Enterprise Gateway