Description
Multiple cross-site scripting (XSS) vulnerabilities in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a (1) custom-reports generation page, (2) Storage Devices creation page, or (3) jobs creation page in the management console; or (4) a Backup Exec server-management page in the beutility console.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/95942
Vendor Advisory x_refsource_confirm
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130801_00
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/61486
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/95941
Scores
EPSS
0.0053
EPSS Percentile
67.2%
Details
CWE
CWE-79
Status
published
Products (2)
symantec/backup_exec
2010_r3 (3 CPE variants)
symantec/backup_exec
2012
Published
Aug 05, 2013
Tracked Since
Feb 18, 2026