Symantec SecurityExpressions Audit and Compliance Server Multiple XSS
Severity: High, Nessus Network Monitor Plugin ID 5206
Synopsis
The remote web application is affected by multiple cross-site scripting vulnerabilities.
Description
The remote web server is running Symantec SecurityExpressions Audit and Compliance Server. The installed version is potentially affected by multiple cross-site scripting vulnerabilities:
- The web console fails to sanitize user-supplied input to certain unspecified parameters. An authorized user may be able to exploit this issue to inject arbitrary HTML or script code into a user's browser, where it executes within the security context of the affected site.
- Certain error messages are not properly encoded, which could be exploited by an attacker to inject arbitrary HTML content into a user's browser session.
Solution
Apply Hot Fix 1 referenced in article KB49452.