Cross-Site Scripting Vulnerabilities in Symantec Web Gateway Appliances
CVE-2015-5691

Currently unrated

Key Information:

Vendor: Symantec
Status: Web Gateway
Vendor: CVE Published:; 20 September 2015

What is CVE-2015-5691?

Multiple cross-site scripting (XSS) vulnerabilities exist within the PHP scripts of the management console in Symantec Web Gateway appliances. These vulnerabilities can be exploited by remote attackers, enabling them to inject arbitrary web scripts or HTML through unspecified vectors, which may compromise the security of the system. One notable example was demonstrated through an attack against admin_messages.php, revealing the critical need for updating affected systems to ensure protection against such vulnerabilities.

References

http://www.securitytracker.com/id/1033625

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/76728

vdb-entryx_refsource_BID

http://www.zerodayinitiative.com/advisories/ZDI-15-443/

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 20, 2015
Vulnerability Reserved
Jul 28, 2015