How does CVE-2017-13678 impact the affected software?

CVE-2017-13678 allows a malicious appliance administrator to inject arbitrary JavaScript code in the management console web client application.

Which software versions are affected by CVE-2017-13678?

CVE-2017-13678 affects Broadcom Advanced Secure Gateway versions 6.6 to 6.6.5.14, 6.7.3 to 6.7.3.7, and 6.7.4 to 6.7.4.107, as well as Broadcom Symantec Proxysg versions 6.5 to 6.5.10.8, 6.6 to 6.6.5.14, 6.7.3 to 6.7.3.7, and 6.7.4 to 6.7.4.107.

What is the severity of CVE-2017-13678?

CVE-2017-13678 has a medium severity rating with a CVSS score of 4.8.

How can I fix the CVE-2017-13678 vulnerability?

To fix the CVE-2017-13678 vulnerability, it is recommended to update the affected software to the latest patched version provided by Broadcom.

Vulnerability/
CVE-2017-13678

medium

4.8

CWE

10/4/2018

5/8/2024

CVE-2017-13678: XSS

Q: What is CVE-2017-13678?

CVE-2017-13678 refers to a stored XSS vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles.

First published: Tue Apr 10 2018(Updated: )

Stored XSS vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can inject arbitrary JavaScript code in the management console web client application.

Credit: secure@symantec.com

Affected Software	Affected Version	How to fix
Broadcom Advanced Secure Gateway	>=6.6<6.6.5.14
Broadcom Advanced Secure Gateway	>=6.7.3<6.7.3.7
Broadcom Advanced Secure Gateway	>=6.7.4<6.7.4.107
Broadcom Symantec Proxysg	>=6.5<6.5.10.8
Broadcom Symantec Proxysg	>=6.6<6.6.5.14
Broadcom Symantec Proxysg	>=6.7.3<6.7.3.7
Broadcom Symantec Proxysg	>=6.7.4<6.7.4.107

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2017-13678?
CVE-2017-13678 refers to a stored XSS vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles.
How does CVE-2017-13678 impact the affected software?
CVE-2017-13678 allows a malicious appliance administrator to inject arbitrary JavaScript code in the management console web client application.
Which software versions are affected by CVE-2017-13678?
CVE-2017-13678 affects Broadcom Advanced Secure Gateway versions 6.6 to 6.6.5.14, 6.7.3 to 6.7.3.7, and 6.7.4 to 6.7.4.107, as well as Broadcom Symantec Proxysg versions 6.5 to 6.5.10.8, 6.6 to 6.6.5.14, 6.7.3 to 6.7.3.7, and 6.7.4 to 6.7.4.107.
What is the severity of CVE-2017-13678?
CVE-2017-13678 has a medium severity rating with a CVSS score of 4.8.
How can I fix the CVE-2017-13678 vulnerability?
To fix the CVE-2017-13678 vulnerability, it is recommended to update the affected software to the latest patched version provided by Broadcom.

collector/nvd-index
agent/severity
agent/references
agent/author
agent/type
agent/event
agent/weakness
agent/description
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
agent/tags
collector/mitre-cve
source/MITRE
vendor/broadcom
canonical/broadcom advanced secure gateway
version/broadcom advanced secure gateway/6.6
version/broadcom advanced secure gateway/6.7.3
version/broadcom advanced secure gateway/6.7.4
canonical/broadcom symantec proxysg
version/broadcom symantec proxysg/6.5
version/broadcom symantec proxysg/6.6
version/broadcom symantec proxysg/6.7.3
version/broadcom symantec proxysg/6.7.4

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.