CVE-2017-13678

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

4.8MEDIUM

EPSS

0.3%

top 45.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Broadcom Advanced Secure Gateway Broadcom Symantec Proxysg Symantec Corporation Advanced Secure Gateway (asg)+1 more

Timeline

PublishedApr 11

Latest updateMay 13

Description

Stored XSS vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can inject arbitrary JavaScript code in the management console web client application.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages4 packages

▶CVEListV5symantec_corporation/advanced_secure_gateway_(asg)6.6 prior to 6.6.5.14, 6.7 prior to 6.7.4.107+1

▶NVDbroadcom/advanced_secure_gateway6.6 — 6.6.5.14+2

▶NVDbroadcom/symantec_proxysg6.5 — 6.5.10.8+3

▶CVEListV5symantec_corporation/proxysg6.5 prior to 6.5.10.8, 6.6 prior to 6.6.5.14, 6.7 prior to 6.7.4.107+2

🔴Vulnerability Details

GHSA

GHSA-ph7c-5vcg-x887: Stored XSS vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles↗2022-05-13

▶

CVEList

CVE-2017-13678: Stored XSS vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles↗2018-04-11

▶