CVE-2016-10257
N/A
N/A
Summary
The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to 6.7.2.1), ProxySG 6.5 (prior to 6.5.10.6), ProxySG 6.6, and ProxySG 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10256.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Symantec Corporation | ASG | 6.6 | affected |
| Symantec Corporation | ASG | 6.7 prior to 6.7.2.1 | affected |
| Symantec Corporation | ProxySG | 6.5 prior to 6.5.10.6 | affected |
| Symantec Corporation | ProxySG | 6.6 | affected |
| Symantec Corporation | ProxySG | 6.7 prior to 6.7.2.1 | affected |
Weaknesses
- Reflected XSS
ADP Enrichment
CVE Program Container
Additional References
- http://www.securitytracker.com/id/1040138
- https://www.symantec.com/security-center/network-protection-security-advisories/SA155
- http://www.securityfocus.com/bid/102447
References
- http://www.securitytracker.com/id/1040138
- https://www.symantec.com/security-center/network-protection-security-advisories/SA155
- http://www.securityfocus.com/bid/102447
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.