Описание
Cross-site scripting (XSS) vulnerability in the management console in Blue Coat ProxySG before 4.2.6.1, and 5.x before 5.2.2.5, allows remote attackers to inject arbitrary web script or HTML by modifying the URL that is used for loading Certificate Revocation Lists.
Ссылки
- Third Party Advisory
- PatchVendor Advisory
- Third Party AdvisoryVDB Entry
- Third Party Advisory
- Third Party AdvisoryVDB Entry
- Third Party Advisory
- PatchVendor Advisory
- Third Party AdvisoryVDB Entry
- Third Party Advisory
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1Версия до 4.2.6.1 (исключая)Версия от 5.0.0 (включая) до 5.2.2.5 (исключая)
Одновременно
Одно из
cpe:2.3:o:symantec:proxysg_firmware:*:*:*:*:*:*:*:*
cpe:2.3:o:symantec:proxysg_firmware:*:*:*:*:*:*:*:*
cpe:2.3:h:symantec:proxysg:-:*:*:*:*:*:*:*
EPSS
Процентиль: 62%
0.00422
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
почти 4 года назад
Cross-site scripting (XSS) vulnerability in the management console in Blue Coat ProxySG before 4.2.6.1, and 5.x before 5.2.2.5, allows remote attackers to inject arbitrary web script or HTML by modifying the URL that is used for loading Certificate Revocation Lists.
EPSS
Процентиль: 62%
0.00422
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-79