Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2755

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2004-2755
Last Modified 05 Sep 2008 04:45:01
Published 31 Dec 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2004-2755

Summary

Cross-site scripting (XSS) vulnerability in Symantec Web Security 2.5, 3.0.0, and 3.0.1 before build 62 allows remote attackers to inject arbitrary web script or HTML via the query string in blocked URLs that are listed in (1) error or (2) block page messages.

Vulnerable Systems

Application

  • Symantec Web Security 2.5

  • Symantec Web Security 3.0

  • Symantec Web Security 3.0.1


References

XF - symantec-websecurity-blocked-xss(14825)

SECTRACK - 1008711

BID - 9418

OSVDB - 6754

CONFIRM - http://securityresponse.symantec.com/avcenter/security/Content/2004.01.13.html

SECUNIA - 10618


Last Updated: 27 May 2016 10:39:37