CVE-2016-10257

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

6.1MEDIUM

EPSS

0.4%

top 40.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Broadcom Advanced Secure Gateway Broadcom Symantec Proxysg Symantec Corporation ASG +1 more

Timeline

PublishedJan 10

Latest updateMay 13

Description

The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to 6.7.2.1), ProxySG 6.5 (prior to 6.5.10.6), ProxySG 6.6, and ProxySG 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10256.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages4 packages

▶NVDbroadcom/symantec_proxysg6.5 — 6.5.10.6+2

▶CVEListV5symantec_corporation/proxysg6.5 prior to 6.5.10.6, 6.6, 6.7 prior to 6.7.2.1+2

▶NVDbroadcom/advanced_secure_gateway6.7 — 6.7.2.1+1

▶CVEListV5symantec_corporation/asg6.6, 6.7 prior to 6.7.2.1+1

🔴Vulnerability Details

GHSA

GHSA-vfc6-mrqm-f3vr: The Symantec Advanced Secure Gateway (ASG) 6↗2022-05-13

▶

CVEList

CVE-2016-10257: The Symantec Advanced Secure Gateway (ASG) 6↗2018-01-10

▶