Lucene search

[email protected]NVD:CVE-2015-5691

HistorySep 20, 2015 - 8:59 p.m.

CVE-2015-5691

2015-09-2020:59:06

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.729

Percentile

98.1%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in PHP scripts in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, as demonstrated an attack against admin_messages.php.

Affected configurations

Nvd

Node

symantecweb_gatewayRange≤5.2.2

VendorProductVersionCPE
symantecweb_gateway*cpe:2.3:a:symantec:web_gateway:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
symantec	web_gateway	*	cpe:2.3:a:symantec:web_gateway::::::::

References

www.securityfocus.com/bid/76728

www.securitytracker.com/id/1033625

www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150916_00

www.zerodayinitiative.com/advisories/ZDI-15-443/

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.729

Percentile

98.1%

JSON

Related for NVD:CVE-2015-5691

prion1 cvelist1 cve1 zdi1 symantec1 nessus1