Vulnerabilities > CVE-2004-0192 - Cross-Site Scripting vulnerability in Symantec Gateway Security 5400 2.0
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Cross-site scripting (XSS) vulnerability in the Management Service for Symantec Gateway Security 2.0 allows remote attackers to steal cookies and hijack a management session via a /sgmi URL that contains malicious script, which is not quoted in the resulting error page.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Hardware | 1 |
Exploit-Db
| description | Symantec Gateway Security 5400 Series 2.0 Error Page Cross-Site Scripting Vulnerability. CVE-2004-0192. Remote exploit for hardware platform |
| id | EDB-ID:23764 |
| last seen | 2016-02-02 |
| modified | 2004-02-26 |
| published | 2004-02-26 |
| reporter | Soby |
| source | https://www.exploit-db.com/download/23764/ |
| title | Symantec Gateway Security 5400 Series 2.0 Error Page Cross-Site Scripting Vulnerability |