Cross-Site Scripting Vulnerabilities in Symantec Web Security
CVE-2007-0563

Currently unrated

Key Information:

Vendor: Symantec
Status: Web Security
Vendor: CVE Published:; 30 January 2007

Summary

Symantec Web Security prior to version 3.0.1.85 contains multiple cross-site scripting vulnerabilities that could allow remote attackers to inject arbitrary web scripts or HTML. These vulnerabilities manifest through error messages and blocked page messages produced by the application, potentially compromising the security of user interactions and exposing sensitive data.

References

http://securityresponse.symantec.com/avcenter/security/Co...

x_refsource_CONFIRM

http://www.vupen.com/english/advisories/2007/0330

vdb-entryx_refsource_VUPEN

http://secunia.com/advisories/23896

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Jan 30, 2007
Vulnerability Reserved
Jan 30, 2007