This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.
An application hosted on the remote web server has a cross-site
The version of Symantec Endpoint Protection Manager on the remote web
server has a cross-site scripting (XSS) vulnerability. Input to the
'Msg' parameter of TestConnection.jsp is not properly sanitized. A
remote attacker could exploit this by tricking a user into making a
malicious request, resulting in the execution of arbitrary script
This version of Endpoint Protection Manager has other XSS and cross-
site request forgery (CSRF) vulnerabilities, though Nessus has not
tested for those issues.
See also :
Upgrade to Symantec Endpoint Protection 11 RU7 / 12.1 RU1 or later.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true