Vulnerability Description
Stored XSS vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can inject arbitrary JavaScript code in the management console web client application.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Broadcom | Advanced Secure Gateway | >= 6.6, < 6.6.5.14 |
| Broadcom | Symantec Proxysg | >= 6.5, < 6.5.10.8 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/103685Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1040757Third Party AdvisoryVDB Entry
- https://www.symantec.com/security-center/network-protection-security-advisories/Vendor Advisory
- http://www.securityfocus.com/bid/103685Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1040757Third Party AdvisoryVDB Entry
- https://www.symantec.com/security-center/network-protection-security-advisories/Vendor Advisory
FAQ
What is CVE-2017-13678?
CVE-2017-13678 is a vulnerability with a CVSS score of 4.8 (MEDIUM). Stored XSS vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can inject arbitrary JavaScript code in the management conso...
How severe is CVE-2017-13678?
CVE-2017-13678 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-13678?
Check the references section above for vendor advisories and patch information. Affected products include: Broadcom Advanced Secure Gateway, Broadcom Symantec Proxysg.