QwikSec

Security Database

CVE

CWE

Training

CVE-2016-10256

Published: Jan 10, 2018

Modified: Sep 17, 2024

PUBLISHED

Description

The Symantec ProxySG 6.5 (prior to 6.5.10.6), 6.6, and 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10257.

Vendor	Product	Versions
Symantec Corporation	ProxySG	affected `6.5 prior to 6.5.10.6` affected `6.6` affected `6.7 prior to 6.7.2.1`

References

vdb-entry

x_refsource_SECTRACK

https://www.symantec.com/security-center/network-protection-security-advisories/SA155

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.