Vulnerability Details CVE-2016-10256
The Symantec ProxySG 6.5 (prior to 6.5.10.6), 6.6, and 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10257.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 58.5%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
Products affected by CVE-2016-10256
- cpe:2.3:a:broadcom:symantec_proxysg:6.5
- cpe:2.3:a:broadcom:symantec_proxysg:6.5.1
- cpe:2.3:a:broadcom:symantec_proxysg:6.5.10.4
- cpe:2.3:a:broadcom:symantec_proxysg:6.5.2
- cpe:2.3:a:broadcom:symantec_proxysg:6.5.2.10
- cpe:2.3:a:broadcom:symantec_proxysg:6.5.4.1
- cpe:2.3:a:broadcom:symantec_proxysg:6.5.5.7
- cpe:2.3:a:broadcom:symantec_proxysg:6.5.6.1
- cpe:2.3:a:broadcom:symantec_proxysg:6.5.7.6
- cpe:2.3:a:broadcom:symantec_proxysg:6.5.9.10
- cpe:2.3:a:broadcom:symantec_proxysg:6.5.9.14
- cpe:2.3:a:broadcom:symantec_proxysg:6.5.9.2
- cpe:2.3:a:broadcom:symantec_proxysg:6.5.9.8
- cpe:2.3:a:broadcom:symantec_proxysg:6.6
- cpe:2.3:a:broadcom:symantec_proxysg:6.7
- cpe:2.3:a:broadcom:symantec_proxysg:6.7.1.1