CVE-2016-10257

Опубликовано: 10 янв. 2018

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to 6.7.2.1), ProxySG 6.5 (prior to 6.5.10.6), ProxySG 6.6, and ProxySG 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10256.

Ссылки

http://www.securityfocus.com/bid/102447
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040138
Third Party Advisory
VDB Entry
https://www.symantec.com/security-center/network-protection-security-advisories/SA155
Vendor Advisory
http://www.securityfocus.com/bid/102447
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1040138
Third Party Advisory
VDB Entry
https://www.symantec.com/security-center/network-protection-security-advisories/SA155
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:broadcom:advanced_secure_gateway:*:*:*:*:*:*:*:*

Версия от 6.7 (включая) до 6.7.2.1 (исключая)

cpe:2.3:a:broadcom:advanced_secure_gateway:6.6:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*

Версия от 6.5 (включая) до 6.5.10.6 (исключая)

cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*

Версия от 6.7 (включая) до 6.7.2.1 (исключая)

cpe:2.3:a:broadcom:symantec_proxysg:6.6:*:*:*:*:*:*:*

EPSS

Процентиль: 59%

0.00378

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-vfc6-mrqm-f3vr