CVE-2016-10257
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to 6.7.2.1), ProxySG 6.5 (prior to 6.5.10.6), ProxySG 6.6, and ProxySG 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10256.
La consola de gestión de Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (en versiones anteriores a la 6.7.2.1), ProxySG 6.5 (en versiones anteriores a la 6.5.10.6), ProxySG 6.6 and ProxySG 6.7 (en versiones anteriores a la 6.7.2.1) es susceptible de contener una vulnerabilidad de XSS reflejado. Un atacante remoto puede emplear una URL de la consola de gestión manipulada en un ataque de phishing para inyectar código JavaScript arbitrario en la aplicación del cliente web de la consola de gestión. Esta vulnerabilidad es diferente de CVE-2016-10256.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-03-23 CVE Reserved
- 2018-01-10 CVE Published
- 2023-06-02 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/102447 | Third Party Advisory | |
http://www.securitytracker.com/id/1040138 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://www.symantec.com/security-center/network-protection-security-advisories/SA155 | 2021-07-08 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Broadcom Search vendor "Broadcom" | Advanced Secure Gateway Search vendor "Broadcom" for product "Advanced Secure Gateway" | >= 6.7 < 6.7.2.1 Search vendor "Broadcom" for product "Advanced Secure Gateway" and version " >= 6.7 < 6.7.2.1" | - |
Affected
| ||||||
Broadcom Search vendor "Broadcom" | Advanced Secure Gateway Search vendor "Broadcom" for product "Advanced Secure Gateway" | 6.6 Search vendor "Broadcom" for product "Advanced Secure Gateway" and version "6.6" | - |
Affected
| ||||||
Broadcom Search vendor "Broadcom" | Symantec Proxysg Search vendor "Broadcom" for product "Symantec Proxysg" | >= 6.5 < 6.5.10.6 Search vendor "Broadcom" for product "Symantec Proxysg" and version " >= 6.5 < 6.5.10.6" | - |
Affected
| ||||||
Broadcom Search vendor "Broadcom" | Symantec Proxysg Search vendor "Broadcom" for product "Symantec Proxysg" | >= 6.7 < 6.7.2.1 Search vendor "Broadcom" for product "Symantec Proxysg" and version " >= 6.7 < 6.7.2.1" | - |
Affected
| ||||||
Broadcom Search vendor "Broadcom" | Symantec Proxysg Search vendor "Broadcom" for product "Symantec Proxysg" | 6.6 Search vendor "Broadcom" for product "Symantec Proxysg" and version "6.6" | - |
Affected
|