
CVE-2017-13678
https://notcve.org/view.php?id=CVE-2017-13678
11 Apr 2018 — Stored XSS vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can inject arbitrary JavaScript code in the management console web client application. • http://www.securityfocus.com/bid/103685 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2016-10257
https://notcve.org/view.php?id=CVE-2016-10257
10 Jan 2018 — The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to 6.7.2.1), ProxySG 6.5 (prior to 6.5.10.6), ProxySG 6.6, and ProxySG 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10256. • http://www.securityfocus.com/bid/102447 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2016-9097
https://notcve.org/view.php?id=CVE-2016-9097
11 May 2017 — The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.8, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6 prior to 6.6.5.8, and ProxySG 6.7 prior to 6.7.1.2 management consoles do not, under certain circumstances, correctly authorize administrator users. A malicious administrator with read-only access can exploit this vulnerability to access management console functionality that requires read-write access privileges. • http://www.securityfocus.com/bid/101530 • CWE-264: Permissions, Privileges, and Access Controls

CVE-2016-9099
https://notcve.org/view.php?id=CVE-2016-9099
11 May 2017 — Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 prior to 6.7.2.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6, and ProxySG 6.7 prior to 6.7.2.1 are susceptible to an open redirection vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to redirect the target user to a malicious web site. • http://www.securityfocus.com/bid/102455 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVE-2016-9100
https://notcve.org/view.php?id=CVE-2016-9100
11 May 2017 — Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.13, ASG 6.7 prior to 6.7.3.1, ProxySG 6.5 prior to 6.5.10.6, ProxySG 6.6 prior to 6.6.5.13, and ProxySG 6.7 prior to 6.7.3.1 are susceptible to an information disclosure vulnerability. An attacker with local access to the client host of an authenticated administrator user can, under certain circumstances, obtain sensitive authentication credential information. • http://www.securityfocus.com/bid/102454 • CWE-255: Credentials Management Errors