XSS Vulnerability in Symantec Gateway Security Management Service
CVE-2004-0192

Currently unrated

Key Information:

Vendor: Symantec
Status: Gateway Security 5400
Vendor: CVE Published:; 15 March 2004

Summary

The Management Service of Symantec Gateway Security 2.0 is susceptible to a cross-site scripting (XSS) vulnerability, which can be exploited by remote attackers. By crafting a malicious URL that targets the /sgmi endpoint, attackers can execute scripts that steal cookies and hijack user management sessions. This exploit leverages the lack of proper input validation in error page rendering, leading to serious security implications for session integrity.

References

http://www.securityfocus.com/bid/9755

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/15330

vdb-entryx_refsource_XF

http://marc.info/?l=bugtraq&m=107790684732458&w=2

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Mar 15, 2004
Vulnerability Reserved
Mar 3, 2004