Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2013-4676

Multiple cross-site scripting (XSS) vulnerabilities in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a (1) custom-reports generation page, (2) Storage Devices creation page, or (3) jobs creation page in the management console; or (4) a Backup Exec server-management page in the beutility console.

Published

2013-08-05T13:22:52.677

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 4.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	symantec	backup_exec	2010_r3	Yes
Application	symantec	backup_exec	2010_r3	Yes
Application	symantec	backup_exec	2010_r3	Yes
Application	symantec	backup_exec	2012	Yes

References

http://osvdb.org/95941 ([email protected])
http://osvdb.org/95942 ([email protected])
http://www.securityfocus.com/bid/61486 ([email protected])
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130801_00 Vendor Advisory ([email protected])
http://osvdb.org/95941 (af854a3a-2127-422b-91ae-364da2661108)
http://osvdb.org/95942 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/61486 (af854a3a-2127-422b-91ae-364da2661108)
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130801_00 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)