Vulnerabilities > Bluecoat > Proxysg Sg9000 20 > Medium

DATE CVE VULNERABILITY TITLE RISK
2012-08-26 CVE-2010-5192 Cross-Site Scripting vulnerability in Bluecoat products
Cross-site scripting (XSS) vulnerability in the Java Management Console in Blue Coat ProxySG before SGOS 4.3.4.1, 5.x before SGOS 5.4.5.1, 5.5 before SGOS 5.5.4.1, and 6.x before SGOS 6.1.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
bluecoat CWE-79
4.3
2012-08-26 CVE-2010-5190 Permissions, Privileges, and Access Controls vulnerability in Bluecoat products
The Active Content Transformation functionality in Blue Coat ProxySG before SGOS 4.3.4.2, 5.x before SGOS 5.4.5.1, 5.5 before SGOS 5.5.4.1, and 6.x before SGOS 6.1.2.1 allows remote attackers to bypass JavaScript detection via HTML entities.
network
low complexity
bluecoat CWE-264
5.0
2009-04-01 CVE-2009-1211 Configuration vulnerability in Bluecoat products
Blue Coat ProxySG, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.
network
bluecoat CWE-16
5.8