Symantec Web Gateway XSS

July 18, 2014

Symantec Web Gateway protects organizations against multiple types of Web-borne malware, prevents data loss over the Web, and can be deployed either as a virtual appliance or on physical hardware. It includes a web interface for administration, reporting and other functions.

A cross-site scripting (XSS) vulnerability exists in Symantec Web Gateway. Specifically, the vulnerability is due to a lack of sanitization of HTTP(S) requests sent to the Symantec Web Gateway management console interface. A remote attacker could exploit this vulnerability by enticing a user to click a specially crafted URL or to submit a web form with crafted values in its fields. Successful exploitation could result in execution of arbitrary script in the victim's browser.

The vulnerability has been assigned CVE-2014-1652.

Dell SonicWALL has released an IPS signature to detect and block specific exploitation attempts targeting this vulnerability. The signature is listed below:

  • 4527 Symantec Web Gateway Multiple PHP Pages XSS