CVE-2013-4676

Severity Score

4.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Multiple cross-site scripting (XSS) vulnerabilities in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a (1) custom-reports generation page, (2) Storage Devices creation page, or (3) jobs creation page in the management console; or (4) a Backup Exec server-management page in the beutility console.

Múltiples vulnerabilidades de cross-site scripting (XSS) en Symantec Backup Exec v2010 R3 anterior a v2010 R3 SP3 y v2012 anterior a SP2, permite a atacantes remotos inyectar secuencias de comandos web y HTML arbitrarias a través de vectores que involucran una (1) página de generación de informes personalizados, (2) una página de creación de dispositivos de almacenamiento, o (3) una página de creación de trabajos en la consola de administración, o (4) una página de Backup Exec del servidor de administración en la consola “beutility”.

*Credits: N/A

CVSS Scores

NISTv2 4.3

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2013-06-24 CVE Reserved
2013-08-04 CVE Published
2023-06-17 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CAPEC

References (4)

URL	Tag	Source
http://osvdb.org/95941	Vdb Entry
http://osvdb.org/95942	Vdb Entry
http://www.securityfocus.com/bid/61486	Vdb Entry

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130801_00	2013-08-22

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Symantec Search vendor "Symantec"		Backup Exec Search vendor "Symantec" for product "Backup Exec"				2010_r3 Search vendor "Symantec" for product "Backup Exec" and version "2010_r3"		-		Affected
Symantec Search vendor "Symantec"		Backup Exec Search vendor "Symantec" for product "Backup Exec"				2010_r3 Search vendor "Symantec" for product "Backup Exec" and version "2010_r3"		sp1		Affected
Symantec Search vendor "Symantec"		Backup Exec Search vendor "Symantec" for product "Backup Exec"				2010_r3 Search vendor "Symantec" for product "Backup Exec" and version "2010_r3"		sp2		Affected
Symantec Search vendor "Symantec"		Backup Exec Search vendor "Symantec" for product "Backup Exec"				2012 Search vendor "Symantec" for product "Backup Exec" and version "2012"		-		Affected