Symantec Gateway Security 5400 Series 2.0 Error Page Cross-Site Scripting Vulnerability

2004-02-26T00:00:00
ID EDB-ID:23764
Type exploitdb
Reporter Soby
Modified 2004-02-26T00:00:00

Description

Symantec Gateway Security 5400 Series 2.0 Error Page Cross-Site Scripting Vulnerability. CVE-2004-0192. Remote exploit for hardware platform

                                        
                                            source: http://www.securityfocus.com/bid/9755/info

A vulnerability has been reported to exist in the Symantec Gateway Security Web based management console that may allow a remote user to launch cross-site scripting attacks.

The issue is reported to exist due to improper sanitizing of user-supplied data. It has been reported that HTML and script code passed to the Symantec Gateway Security Web based management console via a specially crafted URI, may be incorporated into dynamic content of a server error page.

Successful exploitation of this vulnerability may allow an attacker to steal cookie-based authentication credentials. If an attacker manages to steal a cookie for a valid session, the attacker may leverage the vulnerability to gain management rights to the affected device. 

https://example.com:2456/sgmi/<script>badscript</script>