I found a Cross-Site Scripting (XSS) vulnerability within the Symantec Web Gateway.
- CVE-2013-4670: Multiple cross-site scripting (XSS) vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
This issue was identified by myself, as well as independently by another security researcher:
- Glenn 'devalias' Grant (http://devalias.net)
Symantec thanks Glenn 'devalias' Grant, http://devalias.net, for also reporting CVE-2013-4670 and working with us as we addressed them.