CVE-2013-4670 – Symantec Web Gateway XSS / CSRF / SQL Injection / Command Injection

https://notcve.org/view.php?id=CVE-2013-4670

Multiple cross-site scripting (XSS) vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de XSS en la consola de gestión de Symantec Web Gateway (SWG), permite a atacantes remotos inyectar secuencias de comandos web o HTML sin especificar a través de vectores sin especificar. Symantec Web Gateway versions 5.1.0.* and below suffer from cross site request forgery, cross site scripting, command injection, and remote SQL injection vulnerabilities. • http://osvdb.org/95690 http://osvdb.org/95692 http://packetstormsecurity.com/files/122556/Symantec-Web-Gateway-XSS-CSRF-SQL-Injection-Command-Injection.html http://www.securityfocus.com/bid/61103 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130725_00 https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130726-0_Symantec_Web_Gateway_Multiple_Vulnerabilities_v10.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •