Menu

Symantec Web Gateway: Cross-Site Scripting (XSS) (CVE-2013-4670)

Glenn 'devalias' Grant | 05 Sep 2013 | Less than 1 minute to read | #security, #cve, #symantec, #xss

I found a Cross-Site Scripting (XSS) vulnerability within the Symantec Web Gateway.

The CVE

CVE-2013-4670: Multiple cross-site scripting (XSS) vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- Security Advisories Relating to Symantec Products - Symantec Web Gateway Security Issues (SYM13-008)

Acknowledgements

This issue was identified by myself, as well as independently by another security researcher:

Glenn 'devalias' Grant (http://devalias.net)

Symantec thanks Glenn 'devalias' Grant, http://devalias.net, for also reporting CVE-2013-4670 and working with us as we addressed them.