VULHUB ™

It has been reported that Symantec Web Security is prone to a cross-site scripting vulnerability that may allow an attacker to steal cookie-based authentication credentials due to improper sanitization of user-supplied data. HTML and script code may be parsed via URI parameters included in an error or block page message. Symantec Web Security versions 2.5, 3.0.0, and 3.0.1 have been reported to be vulnerable to this issue.

It has been reported that Symantec Web Security is prone to a cross-site scripting vulnerability that may allow an attacker to steal cookie-based authentication credentials due to improper sanitization of user-supplied data. HTML and script code may be parsed via URI parameters included in an error or block page message. Symantec Web Security versions 2.5, 3.0.0, and 3.0.1 have been reported to be vulnerable to this issue.