CVE-2004-2755
Symantec Web Security 2.5, 3.0.0, 3.0.1 - Cross-Site Scripting via Blocked URL Query String
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in Symantec Web Security 2.5, 3.0.0, and 3.0.1 before build 62 allows remote attackers to inject arbitrary web script or HTML via the query string in blocked URLs that are listed in (1) error or (2) block page messages.
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/alerts/2004/Jan/1008711.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/9418
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/10618
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/14825
Various Sources x_refsource_confirm
http://securityresponse.symantec.com/avcenter/security/Content/2004.01.13.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/6754
Scores
EPSS
0.0116
EPSS Percentile
78.9%
Details
CWE
CWE-79
Status
published
Products (3)
symantec/web_security
2.5
symantec/web_security
3.0
symantec/web_security
3.0.1
Published
Dec 31, 2004
Tracked Since
Feb 18, 2026