CVE-2013-4676

Published: Aug 5, 2013Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a (1) custom-reports generation page, (2) Storage Devices creation page, or (3) jobs creation page in the management console; or (4) a Backup Exec server-management page in the beutility console.

Affected (4)

Products: Symantec: Backup Exec

1 product

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Symantec Backup Exec	Version 2010_r3
Symantec Backup Exec	Version 2010_r3 sp1
Symantec Backup Exec	Version 2010_r3 sp2
Symantec Backup Exec	Version 2012

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (8)

http://osvdb.org/95941

Source: secure@symantec.com

http://osvdb.org/95942

Source: secure@symantec.com

http://www.securityfocus.com/bid/61486

Source: secure@symantec.com

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130801_00

Source: secure@symantec.com

Vendor Advisory

http://osvdb.org/95941

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/95942

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/61486

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130801_00

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.