Vulnerability Description
The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to 6.7.2.1), ProxySG 6.5 (prior to 6.5.10.6), ProxySG 6.6, and ProxySG 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10256.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Broadcom | Advanced Secure Gateway | >= 6.7, < 6.7.2.1 |
| Broadcom | Symantec Proxysg | >= 6.5, < 6.5.10.6 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/102447Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1040138Third Party AdvisoryVDB Entry
- https://www.symantec.com/security-center/network-protection-security-advisories/Vendor Advisory
- http://www.securityfocus.com/bid/102447Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1040138Third Party AdvisoryVDB Entry
- https://www.symantec.com/security-center/network-protection-security-advisories/Vendor Advisory
FAQ
What is CVE-2016-10257?
CVE-2016-10257 is a vulnerability with a CVSS score of 6.1 (MEDIUM). The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to 6.7.2.1), ProxySG 6.5 (prior to 6.5.10.6), ProxySG 6.6, and ProxySG 6.7 (prior to 6.7.2.1) management console is susceptible to a refl...
How severe is CVE-2016-10257?
CVE-2016-10257 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-10257?
Check the references section above for vendor advisories and patch information. Affected products include: Broadcom Advanced Secure Gateway, Broadcom Symantec Proxysg.