Description
Cross-site scripting (XSS) vulnerability in the management console in Blue Coat ProxySG before 4.2.6.1, and 5.x before 5.2.2.5, allows remote attackers to inject arbitrary web script or HTML by modifying the URL that is used for loading Certificate Revocation Lists.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Adrian Pastor · text · remote · multiple
https://www.exploit-db.com/exploits/30729
References (5)
Core References
Patch, Vendor Advisory x_refsource_confirm
http://www.bluecoat.com/support/securityadvisories/advisory_cross-site_scripting_vulnerability
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/38213
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/27452
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/3678
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1018888
Scores
EPSS: 0.0042
EPSS Percentile: 62.1%
Details
CWE: CWE-79
Status: published
Products (1): symantec/proxysg_firmware < 4.2.6.1
Published: Nov 03, 2007
Tracked Since: Feb 18, 2026