Vulnerability Details CVE-2016-10257
The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to 6.7.2.1), ProxySG 6.5 (prior to 6.5.10.6), ProxySG 6.6, and ProxySG 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10256.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 58.5%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- http://www.securityfocus.com/bid/102447
- http://www.securitytracker.com/id/1040138
- https://www.symantec.com/security-center/network-protection-security-advisories/SA155
- http://www.securityfocus.com/bid/102447
- http://www.securitytracker.com/id/1040138
- https://www.symantec.com/security-center/network-protection-security-advisories/SA155
Products affected by CVE-2016-10257
-
cpe:2.3:a:broadcom:advanced_secure_gateway:6.6
-
cpe:2.3:a:broadcom:advanced_secure_gateway:6.7
-
cpe:2.3:a:broadcom:symantec_proxysg:6.5
-
cpe:2.3:a:broadcom:symantec_proxysg:6.5.1
-
cpe:2.3:a:broadcom:symantec_proxysg:6.5.10.4
-
cpe:2.3:a:broadcom:symantec_proxysg:6.5.2
-
cpe:2.3:a:broadcom:symantec_proxysg:6.5.2.10
-
cpe:2.3:a:broadcom:symantec_proxysg:6.5.4.1
-
cpe:2.3:a:broadcom:symantec_proxysg:6.5.5.7
-
cpe:2.3:a:broadcom:symantec_proxysg:6.5.6.1
-
cpe:2.3:a:broadcom:symantec_proxysg:6.5.7.6
-
cpe:2.3:a:broadcom:symantec_proxysg:6.5.9.10
-
cpe:2.3:a:broadcom:symantec_proxysg:6.5.9.14
-
cpe:2.3:a:broadcom:symantec_proxysg:6.5.9.2
-
cpe:2.3:a:broadcom:symantec_proxysg:6.5.9.8
-
cpe:2.3:a:broadcom:symantec_proxysg:6.6
-
cpe:2.3:a:broadcom:symantec_proxysg:6.7
-
cpe:2.3:a:broadcom:symantec_proxysg:6.7.1.1