Symantec SecurityExpressions Audit and Compliance Server Multiple XSS

Severity: Medium | Nessus Plugin ID 42083

Synopsis

The remote Windows host contains an application that is affected by multiple cross-site scripting vulnerabilities.

Description

Symantec SecurityExpressions Audit and Compliance Server is installed on the remote host. The installed version is affected by multiple cross-site scripting vulnerabilities.

- The web console fails to sanitize user-supplied input to certain unspecified parameters. An authorized user may be able to exploit this issue to inject arbitrary HTML or script code into a user's browser to be executed within the security context of the affected site. (CVE-2009-3029)

- Certain error messages are not properly encoded, which could be exploited by an attacker to inject arbitrary HTML content into a user's browser session. (CVE-2009-3030)

Solution

Apply Hot Fix 1 as referenced in article KB49452.

See Also

http://www.nessus.org/u?7a883f48

Plugin Details

Severity: Medium

ID: 42083

File Name: symantec_securityexpressions_multiple_xss.nasl

Version: 1.14

Type: remote

Published: 10/9/2009

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.0

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/a:symantec:securityexpressions_audit_and_compliance_server

Required KB Items: www/ASP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Patch Publication Date: 10/6/2009

Reference Information

CVE: CVE-2009-3029, CVE-2009-3030

BID: 36570, 36571

CWE: 79

Secunia: 36972