CVE-2009-1428

EPSS 1.24%
Published 29.04.2009 15:30:00
Last modified 09.04.2025 00:30:58
Source cve@mitre.org
Teams watchlist Login
Open Login

Multiple cross-site scripting (XSS) vulnerabilities in ccLgView.exe in the Symantec Log Viewer, as used in Symantec AntiVirus (SAV) before 10.1 MR8, Symantec Endpoint Protection (SEP) 11.0 before 11.0 MR1, Norton 360 1.0, and Norton Internet Security 2005 through 2008, allow remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, related to "two parsing errors."

Affected products Warnungen 0 Metrics 2 CWE 1 References 12

Data is provided by the National Vulnerability Database (NVD)

Symantec ≫ Antivirus Version <= 10.1

Symantec ≫ Antivirus Version10.0

Symantec ≫ Antivirus Version10.0.1

Symantec ≫ Antivirus Version10.0.1.1

Symantec ≫ Antivirus Version10.0.2

Symantec ≫ Antivirus Version10.0.2.1

Symantec ≫ Antivirus Version10.0.2.2

Symantec ≫ Antivirus Version10.0.3

Symantec ≫ Antivirus Version10.0.4

Symantec ≫ Antivirus Version10.0.5

Symantec ≫ Antivirus Version10.0.6

Symantec ≫ Antivirus Version10.0.7

Symantec ≫ Antivirus Version10.0.8

Symantec ≫ Antivirus Version10.0.9

Symantec ≫ Endpoint Protection Version11.0

Symantec ≫ Norton 360 Version1.0

Symantec ≫ Norton Internet Security Version2005 Editionanti_spyware

Symantec ≫ Norton Internet Security Version2005 Editionprofessional

Symantec ≫ Norton Internet Security Version2005 Update11.0

Symantec ≫ Norton Internet Security Version2005 Update11.0.9

Symantec ≫ Norton Internet Security Version2005 Update11.5.6.14

Symantec ≫ Norton Internet Security Version2005_contains_nav_11.0.0

Symantec ≫ Norton Internet Security Version2006

Symantec ≫ Norton Internet Security Version2006 Editionprofessional

Symantec ≫ Norton Internet Security Version2007

Symantec ≫ Norton Internet Security Version2008

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.24%	0.774

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://osvdb.org/54132

http://secunia.com/advisories/34936

http://www.securityfocus.com/bid/34669

http://www.securitytracker.com/id?1022133

http://www.securitytracker.com/id?1022134

http://www.securitytracker.com/id?1022135

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_01

http://www.vupen.com/english/advisories/2009/1203

https://exchange.xforce.ibmcloud.com/vulnerabilities/50170

https://nvd.nist.gov/vuln/detail/CVE-2009-1428

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2009-1428

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2009-1428

EUVD