Lucene search

[email protected]CVE-2015-5691

HistorySep 20, 2015 - 8:59 p.m.

CVE-2015-5691

2015-09-2020:59:06

CWE-79

[email protected]

web.nvd.nist.gov

cve-2015-5691

cross-site scripting

xss

symantec

web gateway

security vulnerabilities

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.729 High

EPSS

Percentile

98.1%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in PHP scripts in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, as demonstrated an attack against admin_messages.php.

Affected configurations

NVD

Node

symantecweb_gatewayRange≤5.2.2

CPENameOperatorVersion
symantec:web_gatewaysymantec web gatewayle5.2.2

CPE	Name	Operator	Version
symantec:web_gateway	symantec web gateway	le	5.2.2

References

www.securityfocus.com/bid/76728

www.securitytracker.com/id/1033625

www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150916_00

www.zerodayinitiative.com/advisories/ZDI-15-443/

5.9 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.729 High

EPSS

Percentile

98.1%

JSON

Related for CVE-2015-5691

prion1 cvelist1 nvd1 zdi1 symantec1 nessus1