Symantec Web Gateway `l´ Cross-Site Scripting Vulnerability

Last Update Date: 7 Jun 2013 Release Date: 8 May 2012 4615 Views

RISK: Medium Risk

Medium Risk

TYPE: Security software and application - Security Software & Appliance

TYPE: Security Software & Appliance

A vulnerability has been identified in Symantec Web Gateway, which can be exploited by malicious people to conduct cross-site scripting attacks.

 

Input passed via the "l" parameter to spywall/timer.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Impact

  • Cross-Site Scripting
  • Remote Code Execution
  • Information Disclosure

System / Technologies affected

  • version 5.0.2.8.
  • Other versions may also be affected.

Solutions

  • Filter malicious characters and character sequences using a proxy.

Vulnerability Identifier

  • No CVE information is available

Source

 

Related Link

Share with

Previous

PHP com_print_typeinfo Remote Code Execution Vulnerability

22 May 2012 5643 Views

Next

Parallels Plesk Panel Arbitrary PHP Code Execution Vulnerability

7 Jun 2013 3593 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY