Vulnerability CVE-2016-10257
Published: 2018-01-09   Modified: 2018-01-10

Description:
The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to 6.7.2.1), ProxySG 6.5 (prior to 6.5.10.6), ProxySG 6.6, and ProxySG 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10256.

Type:

CWE-79

 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None
Affected software
Symantec -> Advanced secure gateway 
Symantec -> Proxysg 

 References:
http://www.securityfocus.com/bid/102447
http://www.securitytracker.com/id/1040138
https://www.symantec.com/security-center/network-protection-security-advisories/SA155
Copyright 2024, cxsecurity.com

 

Back to Top