Symantec Web Gateway CVE-2016-9096 Multiple Cross Site Scripting Vulnerabilities

Symantec Web Gateway is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Versions prior to Symantec Web Gateway 5.2.7 are vulnerable.

Information

Bugtraq ID: 96297
Class: Input Validation Error
CVE: CVE-2016-9096

Remote: Yes
Local: No
Published: Mar 13 2017 12:00AM
Updated: Jun 20 2017 02:03PM
Credit: Sanehdeep Singh, saneh447 at gmail.com.
Vulnerable: Symantec Web Gateway 5.2.6
Symantec Web Gateway 5.2.5
Symantec Web Gateway 5.2.2
Symantec Web Gateway 5.2.1
Symantec Web Gateway 5.2
Symantec Web Gateway 5.1.1
Symantec Web Gateway 5.1.0
Symantec Web Gateway 5.0.3.18
Symantec Web Gateway 5.0.3.17
Symantec Web Gateway 5.0.3
Symantec Web Gateway 5.0.2.18
Symantec Web Gateway 5.0.2
Symantec Web Gateway 5.0.1
Symantec Web Gateway 5.0
Symantec Web Gateway 4.5.0.376
Symantec Web Gateway 4.5

Not Vulnerable: Symantec Web Gateway 5.2.7

Exploit

Attackers can exploit these issues by enticing an unsuspecting user to follow a malicious URI.

References:

• Symantec Homepage (Symantec)
  
• Security Advisories Relating to Symantec Products - Symantec Web Gateway Managem (Symantec)
  

Source: www.securityfocus.com