CVE-2009-1428

medium

Description

Multiple cross-site scripting (XSS) vulnerabilities in ccLgView.exe in the Symantec Log Viewer, as used in Symantec AntiVirus (SAV) before 10.1 MR8, Symantec Endpoint Protection (SEP) 11.0 before 11.0 MR1, Norton 360 1.0, and Norton Internet Security 2005 through 2008, allow remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, related to "two parsing errors."

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/50170

http://www.vupen.com/english/advisories/2009/1203

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_01

http://www.securitytracker.com/id?1022135

http://www.securitytracker.com/id?1022134

http://www.securitytracker.com/id?1022133

http://www.securityfocus.com/bid/34669

http://secunia.com/advisories/34936

http://osvdb.org/54132

Details

Source: Mitre, NVD

Published: 2009-04-29

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.01241