CVE-2004-2755

medium

Description

Cross-site scripting (XSS) vulnerability in Symantec Web Security 2.5, 3.0.0, and 3.0.1 before build 62 allows remote attackers to inject arbitrary web script or HTML via the query string in blocked URLs that are listed in (1) error or (2) block page messages.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/14825

http://www.securitytracker.com/alerts/2004/Jan/1008711.html

http://www.securityfocus.com/bid/9418

http://www.osvdb.org/6754

http://securityresponse.symantec.com/avcenter/security/Content/2004.01.13.html

http://secunia.com/advisories/10618

Details

Source: Mitre, NVD

Published: 2004-12-31

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.0109