- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 23764
- Проверка EDB
-
- Пройдено
- Автор
- SOBY
- Тип уязвимости
- REMOTE
- Платформа
- HARDWARE
- CVE
- cve-2004-0192
- Дата публикации
- 2004-02-26
Код:
source: https://www.securityfocus.com/bid/9755/info
A vulnerability has been reported to exist in the Symantec Gateway Security Web based management console that may allow a remote user to launch cross-site scripting attacks.
The issue is reported to exist due to improper sanitizing of user-supplied data. It has been reported that HTML and script code passed to the Symantec Gateway Security Web based management console via a specially crafted URI, may be incorporated into dynamic content of a server error page.
Successful exploitation of this vulnerability may allow an attacker to steal cookie-based authentication credentials. If an attacker manages to steal a cookie for a valid session, the attacker may leverage the vulnerability to gain management rights to the affected device.
https://example.com:2456/sgmi/<script>badscript</script>- Источник
- www.exploit-db.com
