Symantec Clientless VPN Gateway User UI Multiple XSS

2004-08-10T05:25:51
ID OSVDB:8509
Type osvdb
Reporter OSVDB
Modified 2004-08-10T05:25:51

Description

Vulnerability Description

Symantec Clientless VPN Gateway contains a flaw related to the end user UI (user interface) that may allow an attacker to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. No further details have been provided.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Symantec Corporation has released a hotfix v.SCVG5-20040806-00 to address this vulnerability.

Short Description

Symantec Clientless VPN Gateway contains a flaw related to the end user UI (user interface) that may allow an attacker to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. No further details have been provided.

References:

Vendor URL: http://www.symantec.com/ Secunia Advisory ID:12254 Related OSVDB ID: 8507 Related OSVDB ID: 8510 Related OSVDB ID: 8512 Related OSVDB ID: 8508 Related OSVDB ID: 8511 Other Advisory URL: ftp://ftp.symantec.com/public/english_us_canada/products/sym_clientless_vpn/sym_clientless_vpn_5/updates/hf3-readme.txt CVE-2004-1483