CVE-2016-10257

The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to 6.7.2.1), ProxySG 6.5 (prior to 6.5.10.6), ProxySG 6.6, and ProxySG 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10256.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:broadcom:advanced_secure_gateway:*:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:advanced_secure_gateway:6.6:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:symantec_proxysg:6.6:*:*:*:*:*:*:*

History

08 Jul 2021, 16:37

Type Values Removed Values Added
CPE cpe:2.3:a:symantec:advanced_secure_gateway:*:*:*:*:*:*:*:*
cpe:2.3:a:symantec:advanced_secure_gateway:6.6:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:advanced_secure_gateway:*:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:advanced_secure_gateway:6.6:*:*:*:*:*:*:*

24 Jun 2021, 18:55

Type Values Removed Values Added
CPE cpe:2.3:a:symantec:proxysg:6.6:*:*:*:*:*:*:*
cpe:2.3:a:symantec:proxysg:*:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:symantec_proxysg:6.6:*:*:*:*:*:*:*
cpe:2.3:a:broadcom:symantec_proxysg:*:*:*:*:*:*:*:*

Information

Published : 2018-01-10 02:29

Updated : 2024-02-04 19:29


NVD link : CVE-2016-10257

Mitre link : CVE-2016-10257

CVE.ORG link : CVE-2016-10257


JSON object : View

Products Affected

broadcom

  • advanced_secure_gateway
  • symantec_proxysg
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')