CVE-2017-13678 in Symantec and Broadcom Products
Published on April 11, 2018

Stored XSS vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can inject arbitrary JavaScript code in the management console web client application.

NVD

Products Associated with CVE-2017-13678

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2017-13678 are published in these products:

Symantec Advanced Secure Gateway

Broadcom Symantec Proxysg

Broadcom Advanced Secure Gateway

Affected Versions

Symantec Corporation Advanced Secure Gateway (ASG):

Version 6.6 prior to 6.6.5.14 is affected.
Version 6.7 prior to 6.7.4.107 is affected.

Symantec Corporation ProxySG:

Version 6.5 prior to 6.5.10.8 is affected.
Version 6.6 prior to 6.6.5.14 is affected.
Version 6.7 prior to 6.7.4.107 is affected.

Exploit Probability

EPSS

0.31%

Percentile

53.98%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2017-13678 in Symantec and Broadcom ProductsPublished on April 11, 2018

Products Associated with CVE-2017-13678

Affected Versions

Exploit Probability

CVE-2017-13678 in Symantec and Broadcom Products
Published on April 11, 2018