Reflected XSS Vulnerability in Symantec ProxySG Management Console
CVE-2016-10256

6.1MEDIUM

Key Information:

Vendor

Symantec Corporation

Status
Proxysg
Vendor
CVE Published:
10 January 2018

What is CVE-2016-10256?

The management console of Symantec ProxySG versions 6.5 (prior to 6.5.10.6), 6.6, and 6.7 (prior to 6.7.2.1) is affected by a reflected XSS vulnerability. This issue allows a remote attacker to craft a malicious URL that can inject arbitrary JavaScript code into the management console web client. Exploitation of this vulnerability could enable attackers to execute scripts in the context of the user's session, potentially compromising sensitive information or performing unauthorized actions within the management console.

Affected Version(s)

ProxySG 6.5 prior to 6.5.10.6

ProxySG 6.6

ProxySG 6.7 prior to 6.7.2.1

References

http://www.securitytracker.com/id/1040138
vdb-entryx_refsource_SECTRACK
https://www.symantec.com/security-center/network-protecti...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/102451
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.