This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.
An application hosted on the remote web server has a cross-site
The version of Symantec Endpoint Protection Manager on the remote web
server has a cross-site scripting (XSS) vulnerability. Input to the
'Msg' parameter of TestConnection.jsp is not properly sanitized. A
remote attacker could exploit this by tricking a user into making a
malicious request, resulting in the execution of arbitrary script
This version of Endpoint Protection Manager has other XSS and
cross-site request forgery (CSRF) vulnerabilities, though Nessus has
not tested for those issues.
Upgrade to Symantec Endpoint Protection 11 RU7 / 12.1 RU1 or later.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.6
Public Exploit Available : true
Family: CGI abuses : XSS
Nessus Plugin ID: 57767
Bugtraq ID: 48231
CVE ID: CVE-2011-0550