CVE-2004-2755: XSS
First published: Fri Dec 31 2004(Updated: )
Cross-site scripting (XSS) vulnerability in Symantec Web Security 2.5, 3.0.0, and 3.0.1 before build 62 allows remote attackers to inject arbitrary web script or HTML via the query string in blocked URLs that are listed in (1) error or (2) block page messages.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Symantec Web Security | =2.5 | |
| Symantec Web Security | =3.0 | |
| Symantec Web Security | =3.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2004-2755?
CVE-2004-2755 is classified as a moderate severity cross-site scripting (XSS) vulnerability.
How do I fix CVE-2004-2755?
To fix CVE-2004-2755, upgrade Symantec Web Security to version 3.0.1 build 62 or later.
What types of attacks can exploit CVE-2004-2755?
CVE-2004-2755 can be exploited by remote attackers to inject arbitrary web scripts or HTML into error and block page messages.
Which versions of Symantec Web Security are affected by CVE-2004-2755?
CVE-2004-2755 affects Symantec Web Security versions 2.5, 3.0.0, and 3.0.1 prior to build 62.
What are the potential impacts of CVE-2004-2755?
The potential impacts of CVE-2004-2755 include unauthorized access and manipulation of session information due to XSS.
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/author
- agent/tags
- agent/event
- agent/description
- agent/source
- vendor/symantec
- canonical/symantec web security
- version/symantec web security/2.5
- version/symantec web security/3.0
- version/symantec web security/3.0.1