CVE-2016-10256

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
6.1MEDIUM
EPSS
0.4%
top 40.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Broadcom Symantec ProxysgSymantec Corporation ASGSymantec Corporation Proxysg
Timeline
PublishedJan 10
Latest updateMay 13

Description

The Symantec ProxySG 6.5 (prior to 6.5.10.6), 6.6, and 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10257.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

NVDbroadcom/symantec_proxysg6.56.5.10.6+2
CVEListV5symantec_corporation/proxysg6.5 prior to 6.5.10.6, 6.6, 6.7 prior to 6.7.2.1+2
CVEListV5symantec_corporation/asg6.6, 6.7 prior to 6.7.2.1+1

🔴Vulnerability Details

2
GHSA
GHSA-jvp2-whwq-j6fc: The Symantec ProxySG 62022-05-13
CVEList
CVE-2016-10256: The Symantec ProxySG 62018-01-10
CVE-2016-10256 (MEDIUM CVSS 6.1) | The Symantec ProxySG 6.5 (prior to | cvebase.io