XSS in Symantec Web_gateway

CVE-2014-1652

Multiple cross-site scripting (XSS) vulnerabilities in the management console in Symantec Web Gateway (SWG) before 5.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified report parameters.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.005 (67.8th percentile) — read the EPSS interpretation.

Affected products

Symantec Web_gateway — versions 5.1
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

67755 (vdb-entry, x_refsource_BID)
1030443 (vdb-entry, x_refsource_SECTRACK)
secure@symantec.com (x_refsource_CONFIRM, Vendor Advisory)
secure@symantec.com (x_refsource_CONFIRM)
VU#719172 (x_refsource_CERT-VN, third-party-advisory)