CVE-2007-0563

medium

Description

Multiple cross-site scripting (XSS) vulnerabilities in Symantec Web Security (SWS) before 3.0.1.85 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) error messages and (2) blocked page messages produced by SWS.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/31750

http://www.vupen.com/english/advisories/2007/0330

http://www.securityfocus.com/bid/22184

http://securitytracker.com/id?1017558

http://securityresponse.symantec.com/avcenter/security/Content/2007.01.24c.html

http://secunia.com/advisories/23896

http://osvdb.org/32961

http://osvdb.org/32960

Details

Source: Mitre, NVD

Published: 2007-01-30

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium