This script is Copyright (C) 2009-2012 Tenable Network Security, Inc.
The remote Windows host contains an application that is affected by
multiple cross-site scripting vulnerabilities.
Symantec SecurityExpressions Audit and Compliance Server is installed
on the remote host. The installed version is affected by multiple
cross-site scripting vulnerabilities.
- The web console fails to sanitize user-supplied input
to certain unspecified parameters. An authorized user may
be able to exploit this issue to inject arbitrary HTML or
script code into a user's browser to be executed
within the security context of the affected site.
- Certain error messages are not properly encoded which
could be exploited by an attacker to inject arbitrary
HTML content into a user's browser session.
See also :
Apply Hot Fix 1 as referenced in article KB49452.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true