Unrated severityNVD Advisory· Published Aug 5, 2013· Updated Apr 29, 2026

CVE-2013-4676

Description

Multiple cross-site scripting (XSS) vulnerabilities in Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a (1) custom-reports generation page, (2) Storage Devices creation page, or (3) jobs creation page in the management console; or (4) a Backup Exec server-management page in the beutility console.

Affected products

Symantec/Backup Exec4 versions
cpe:2.3:a:symantec:backup_exec:2010_r3:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:symantec:backup_exec:2010_r3:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:backup_exec:2010_r3:sp1:*:*:*:*:*:*
- cpe:2.3:a:symantec:backup_exec:2010_r3:sp2:*:*:*:*:*:*
- cpe:2.3:a:symantec:backup_exec:2012:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.symantec.com/security_response/securityupdates/detail.jspnvdVendor Advisory
osvdb.org/95941nvd
osvdb.org/95942nvd
www.securityfocus.com/bid/61486nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000