CVE-2013-4676

2013-08-0513:22:52

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.853

Percentile

98.6%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a (1) custom-reports generation page, (2) Storage Devices creation page, or (3) jobs creation page in the management console; or (4) a Backup Exec server-management page in the beutility console.

Affected configurations

Nvd

Node

symantecbackup_execMatch2010_r3

symantecbackup_execMatch2010_r3sp1

symantecbackup_execMatch2010_r3sp2

symantecbackup_execMatch2012

VendorProductVersionCPE
symantecbackup_exec2010_r3cpe:2.3:a:symantec:backup_exec:2010_r3:*:*:*:*:*:*:*
symantecbackup_exec2010_r3cpe:2.3:a:symantec:backup_exec:2010_r3:sp1:*:*:*:*:*:*
symantecbackup_exec2010_r3cpe:2.3:a:symantec:backup_exec:2010_r3:sp2:*:*:*:*:*:*
symantecbackup_exec2012cpe:2.3:a:symantec:backup_exec:2012:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
symantec	backup_exec	2010_r3	cpe:2.3:a:symantec:backup_exec:2010_r3:::::::*
symantec	backup_exec	2010_r3	cpe:2.3:a:symantec:backup_exec:2010_r3:sp1::::::
symantec	backup_exec	2010_r3	cpe:2.3:a:symantec:backup_exec:2010_r3:sp2::::::
symantec	backup_exec	2012	cpe:2.3:a:symantec:backup_exec:2012:::::::*