Brian Soby

**Name of the Vulnerable Software and Affected Versions** Symantec Gateway Security version 2.0 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to steal cookies and hijack a management session. This occurs when a malicious script is included in a URL, such as the "/sgmi" API endpoint, and this script is not properly quoted in the resulting error page. **Recommendations** For Symantec Gateway Security version 2.0, as a temporary workaround, consider restricting access to the /sgmi API endpoint until a patch is available. Additionally, ensure that all user input is properly sanitized to prevent malicious scripts from being executed. At the moment, there is no information about a newer version that contains a fix for this vulnerability.