CVE-2004-2755

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

4.3MEDIUM

EPSS

1.2%

top 21.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Symantec WEB Security

Timeline

PublishedDec 31

Latest updateApr 29

Description

Cross-site scripting (XSS) vulnerability in Symantec Web Security 2.5, 3.0.0, and 3.0.1 before build 62 allows remote attackers to inject arbitrary web script or HTML via the query string in blocked URLs that are listed in (1) error or (2) block page messages.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDsymantec/web_security2.5, 3.0, 3.0.1+2

🔴Vulnerability Details

GHSA

GHSA-x5w8-45xj-42q9: Cross-site scripting (XSS) vulnerability in Symantec Web Security 2↗2022-04-29

▶

CVEList

CVE-2004-2755: Cross-site scripting (XSS) vulnerability in Symantec Web Security 2↗2007-11-15

▶