source: https://www.securityfocus.com/bid/9755/info
A vulnerability has been reported to exist in the Symantec Gateway Security Web based management console that may allow a remote user to launch cross-site scripting attacks.
The issue is reported to exist due to improper sanitizing of user-supplied data. It has been reported that HTML and script code passed to the Symantec Gateway Security Web based management console via a specially crafted URI, may be incorporated into dynamic content of a server error page.
Successful exploitation of this vulnerability may allow an attacker to steal cookie-based authentication credentials. If an attacker manages to steal a cookie for a valid session, the attacker may leverage the vulnerability to gain management rights to the affected device.
https://example.com:2456/sgmi/<script>badscript</script>
