9 lines
No EOL
860 B
Text
Executable file
9 lines
No EOL
860 B
Text
Executable file
source: http://www.securityfocus.com/bid/9755/info
|
|
|
|
A vulnerability has been reported to exist in the Symantec Gateway Security Web based management console that may allow a remote user to launch cross-site scripting attacks.
|
|
|
|
The issue is reported to exist due to improper sanitizing of user-supplied data. It has been reported that HTML and script code passed to the Symantec Gateway Security Web based management console via a specially crafted URI, may be incorporated into dynamic content of a server error page.
|
|
|
|
Successful exploitation of this vulnerability may allow an attacker to steal cookie-based authentication credentials. If an attacker manages to steal a cookie for a valid session, the attacker may leverage the vulnerability to gain management rights to the affected device.
|
|
|
|
https://example.com:2456/sgmi/<script>badscript</script> |