CVE-2014-1652

Sažetak

Multiple cross-site scripting (XSS) vulnerabilities in the management console in Symantec Web Gateway (SWG) before 5.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified report parameters.

Reference

http://www.kb.cert.org/vuls/id/719172
http://www.securityfocus.com/bid/67755
http://www.securitytracker.com/id/1030443
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securit%20y_advisory&pvid=security_advisory&year=&suid=20140616_00
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2014&suid=20140616_00

CVSS

Base:	2.3
Impact:	2.9
Exploitability:	4.4

Pristup

Vektor	Složenost	Autentikacija
ADJACENT_NETWORK	MEDIUM	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:A/AC:M/Au:S/C:N/I:P/A:N

Zadnje važnije ažuriranje

28-12-2017 - 02:29

Objavljeno

18-06-2014 - 19:55