Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-0192

4 documents4 sources

Severity

6.8MEDIUM

EPSS

0.5%

top 32.60%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Symantec Gateway Security 5400

Timeline

PublishedMar 15

Latest updateApr 29

Description

Cross-site scripting (XSS) vulnerability in the Management Service for Symantec Gateway Security 2.0 allows remote attackers to steal cookies and hijack a management session via a /sgmi URL that contains malicious script, which is not quoted in the resulting error page.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDsymantec/gateway_security_54002.0

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-mq86-6vpq-5qff: Cross-site scripting (XSS) vulnerability in the Management Service for Symantec Gateway Security 2↗2022-04-29

▶

CVEList

CVE-2004-0192: Cross-site scripting (XSS) vulnerability in the Management Service for Symantec Gateway Security 2↗2004-03-04

▶

💥Exploits & PoCs

Exploit-DB

Symantec Gateway Security 5400 Series 2.0 - Error Page Cross-Site Scripting↗2004-02-26

▶