Cross-Site Scripting Vulnerabilities in Symantec Backup Exec 2010 R3 and 2012
CVE-2013-4676

Currently unrated

Key Information:

Vendor: Symantec
Status: Backup Exec
Vendor: CVE Published:; 5 August 2013

Summary

Symantec Backup Exec prior to specific service pack updates is susceptible to multiple cross-site scripting (XSS) vulnerabilities. Attackers can exploit these weaknesses to inject arbitrary web scripts or HTML code through various vectors, including custom reports generation, storage devices page, jobs creation page, and server-management pages within the management console. Successful exploitation poses significant risks to data integrity and user interaction.

References

http://osvdb.org/95942

vdb-entryx_refsource_OSVDB

http://www.symantec.com/security_response/securityupdates...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/61486

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Aug 5, 2013
Vulnerability Reserved
Jun 24, 2013