CVE-2013-4670 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Reference

http://osvdb.org/95690 http://osvdb.org/95692 http://packetstormsecurity.com/files/122556/Symantec-Web-Gateway-XSS-CSRF-SQL-Injection-Command-Injection.html http://www.securityfocus.com/bid/61103 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130725_00 https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20130726-0_Symantec_Web_Gateway_Multiple_Vulnerabilities_v10.txt