Cross-site Scripting Vulnerability in Symantec Web Security Products
CVE-2004-2755

Currently unrated

Key Information:

Vendor: Symantec
Status: Web Security
Vendor: CVE Published:; 31 December 2004

Summary

A cross-site scripting vulnerability exists in Symantec Web Security versions 2.5, 3.0.0, and 3.0.1 prior to build 62. This flaw allows remote attackers to inject arbitrary web scripts or HTML through the query string in URLs flagged as blocked. When users interact with error messages or block page notifications, malicious scripts can execute in their browsers, potentially leading to unauthorized access to sensitive information or a compromised user experience.

References

http://www.securitytracker.com/alerts/2004/Jan/1008711.html

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/9418

vdb-entryx_refsource_BID

http://secunia.com/advisories/10618

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability Reserved
Nov 15, 2007
Vulnerability published
Dec 31, 2004