Reading Time: 1 minute

According to Homeland Security’s Computer Emergency Response Team (US-CERT), the Symantec Web Gateway contains SQL injection and cross-site scripting vulnerabilities.

Symantec Web Gateway, and possibly earlier versions, contains a cross-site scripting vulnerability in the filter_date_period, variable and operator parameters of the /spywall/entSummary.php, /spywall/custom_report.php, /spywall/host_spy_report.php and /spywall/repairedclients.php pages.

This means that a remote unauthenticated attacker may be able to inject arbitrary script or SQL commands. Symantec Web Gateway users should upgrade to 5.2.1 or later

Homeland security recommends that you only allow connections from trusted hosts and networks to prevent an attacker from accessing the web interface using stolen credentials from a blocked network location..

Restricting access will not prevent XSS or SQLi attacks since the attack comes as a request from a legitimate user’s host.

Symantec Web Gateway is a web filtering software intended to protect an organization against malware.