
Symantec SecurityExpressions Audit and Compliance Server Multiple XSS

High

Synopsis

The remote web application is affected by multiple cross-site scripting vulnerabilities.

Description

The remote web server is running Symantec SecurityExpressions Audit and Compliance Server. The installed version is potentially affected by multiple cross-site scripting vulnerabilities:

- The web console fails to sanitize user-supplied input to certain unspecified parameters. An authorized user may be able to exploit this issue to inject arbitrary HTML and script code into a user's browser, where it is executed within the security context of the affected site.

- Certain error messages are not properly encoded, which could be exploited by an attacker to inject arbitrary HTML content into a user's browser session.

Solution

Apply Hot Fix 1, referenced in article KB49452.