4.3

CVE-2011-0550

Multiple cross-site scripting (XSS) vulnerabilities in the Web Interface in the Endpoint Protection Manager in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.6300 allow remote attackers to inject arbitrary web script or HTML via (1) the token parameter to portal/Help.jsp or (2) the URI in a console/apps/sepm request.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SymantecEndpoint Protection Version11.0.6000
SymantecEndpoint Protection Version11.0.6100
SymantecEndpoint Protection Version11.0.6200
SymantecEndpoint Protection Version11.0.6200.754
SymantecEndpoint Protection Version11.0.6300
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.33% 0.673
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://secunia.com/advisories/43662
Vendor Advisory
http://securitytracker.com/id?1025919
http://www.osvdb.org/74465
http://www.osvdb.org/74466
http://www.securityfocus.com/bid/48231
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110810_00
https://exchange.xforce.ibmcloud.com/vulnerabilities/69136