Lucene search

[email protected]CVE-2013-4676

HistoryAug 05, 2013 - 1:22 p.m.

CVE-2013-4676

2013-08-0513:22:52

CWE-79

[email protected]

web.nvd.nist.gov

cve-2013-4676

cross-site scripting

xss

symantec backup exec

security vulnerability

5.7 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.853 High

EPSS

Percentile

98.6%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a (1) custom-reports generation page, (2) Storage Devices creation page, or (3) jobs creation page in the management console; or (4) a Backup Exec server-management page in the beutility console.

Affected configurations

NVD

Node

symantecbackup_execMatch2010_r3

symantecbackup_execMatch2010_r3sp1

symantecbackup_execMatch2010_r3sp2

symantecbackup_execMatch2012

CPENameOperatorVersion
symantec:backup_execsymantec backup execeq2010_r3
symantec:backup_execsymantec backup execeq2012

CPE	Name	Operator	Version
symantec:backup_exec	symantec backup exec	eq	2010_r3
symantec:backup_exec	symantec backup exec	eq	2012

References

osvdb.org/95941

osvdb.org/95942

www.securityfocus.com/bid/61486

www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130801_00

Social References

5.7 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.853 High

EPSS

Percentile

98.6%

JSON

Related for CVE-2013-4676

cvelist1 prion1 nvd1 nessus1 kaspersky1