CVE-2014-1652

Published: Jun 18, 2014Modified: May 6, 2026

2.3

Vector

AV:A/AC:M/Au:S/C:N/I:P/A:N

Exploitability: 4.4 / Impact: 2.9

Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in the management console in Symantec Web Gateway (SWG) before 5.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified report parameters.

Affected (2)

Products: Symantec: Web Gateway

Symantec

1 product

Web Gateway

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Symantec Web Gateway	Up to 5.1.1
Symantec Web Gateway	Version 5.1

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (10)

http://www.kb.cert.org/vuls/id/719172

Source: secure@symantec.com

http://www.securityfocus.com/bid/67755

Source: secure@symantec.com

http://www.securitytracker.com/id/1030443

Source: secure@symantec.com

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securit%20y_advisory&pvid=security_advisory&year=&suid=20140616_00

Source: secure@symantec.com

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2014&suid=20140616_00

Source: secure@symantec.com

Vendor Advisory

http://www.kb.cert.org/vuls/id/719172