vendor:
Gateway Security
by:
SecurityFocus
6.4
CVSS
MEDIUM
Cross-Site Scripting
79
CWE
Product Name: Gateway Security
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2004
Symantec Gateway Security Web Based Management Console Cross-Site Scripting Vulnerability
A vulnerability has been reported to exist in the Symantec Gateway Security Web based management console that may allow a remote user to launch cross-site scripting attacks. The issue is reported to exist due to improper sanitizing of user-supplied data. It has been reported that HTML and script code passed to the Symantec Gateway Security Web based management console via a specially crafted URI, may be incorporated into dynamic content of a server error page. Successful exploitation of this vulnerability may allow an attacker to steal cookie-based authentication credentials.
Mitigation:
Ensure that user-supplied data is properly sanitized before being used.
