Symantec Web Security Block Page Message Cross-Site Scripting Vulnerability

It has been reported that Symantec Web Security is prone to a cross-site scripting vulnerability that may allow an attacker to steal cookie-based authentication credentials due to improper sanitization of user-supplied data. HTML and script code may be parsed via URI parameters included in an error or block page message.

Symantec Web Security versions 2.5, 3.0.0, and 3.0.1 have been reported to be vulnerable to this issue.


Privacy Statement
Copyright 2010, SecurityFocus