CVE-2015-5691
Symantec Web Gateway < 5.2.2 - Cross-Site Scripting in Management Console
Title source: llmDescription
Multiple cross-site scripting (XSS) vulnerabilities in PHP scripts in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, as demonstrated an attack against admin_messages.php.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1033625
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/76728
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-15-443/
Vendor Advisory x_refsource_confirm
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150916_00
Scores
EPSS
0.0053
EPSS Percentile
67.2%
Details
CWE
CWE-79
Status
published
Products (1)
symantec/web_gateway
< 5.2.2
Published
Sep 20, 2015
Tracked Since
Feb 18, 2026