Cross site scripting

2015-09-2020:59:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

High

0.729 High

EPSS

Percentile

98.1%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in PHP scripts in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, as demonstrated an attack against admin_messages.php.

CPENameOperatorVersion
web_gatewayle5.2.2

CPE	Name	Operator	Version
	web_gateway	le	5.2.2

References

www.securityfocus.com/bid/76728

www.securitytracker.com/id/1033625

www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150916_00

www.zerodayinitiative.com/advisories/ZDI-15-443/