exploitDog

CVE-2004-0192

Опубликовано: 15 мар. 2004

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in the Management Service for Symantec Gateway Security 2.0 allows remote attackers to steal cookies and hijack a management session via a /sgmi URL that contains malicious script, which is not quoted in the resulting error page.

Ссылки

http://marc.info/?l=bugtraq&m=107790684732458&w=2
http://www.securityfocus.com/bid/9755
Exploit
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/15330
http://marc.info/?l=bugtraq&m=107790684732458&w=2
http://www.securityfocus.com/bid/9755
Exploit
Patch
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/15330

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:h:symantec:gateway_security_5400:2.0:*:*:*:*:*:*:*

EPSS

Процентиль: 67%

0.00534

Низкий

6.8 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-mq86-6vpq-5qff

github

почти 4 года назад

Cross-site scripting (XSS) vulnerability in the Management Service for Symantec Gateway Security 2.0 allows remote attackers to steal cookies and hijack a management session via a /sgmi URL that contains malicious script, which is not quoted in the resulting error page.

EPSS

Процентиль: 67%

0.00534

Низкий

6.8 Medium

CVSS2

Дефекты

NVD-CWE-Other