Lucene search

[email protected]CVE-2009-1428

HistoryApr 29, 2009 - 3:30 p.m.

CVE-2009-1428

2009-04-2915:30:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2009-1428

symantec

xss

vulnerabilities

cclgview.exe

sav

sep

norton

remote attackers

web script

html

nvd

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.012 Low

EPSS

Percentile

85.0%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in ccLgView.exe in the Symantec Log Viewer, as used in Symantec AntiVirus (SAV) before 10.1 MR8, Symantec Endpoint Protection (SEP) 11.0 before 11.0 MR1, Norton 360 1.0, and Norton Internet Security 2005 through 2008, allow remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, related to “two parsing errors.”

Affected configurations

NVD

Node

symantecantivirusRange≤10.1

symantecantivirusMatch10.0

symantecantivirusMatch10.0.1

symantecantivirusMatch10.0.1.1

symantecantivirusMatch10.0.2

symantecantivirusMatch10.0.2.1

symantecantivirusMatch10.0.2.2

symantecantivirusMatch10.0.3

symantecantivirusMatch10.0.4

symantecantivirusMatch10.0.5

symantecantivirusMatch10.0.6

symantecantivirusMatch10.0.7

symantecantivirusMatch10.0.8

symantecantivirusMatch10.0.9

symantecendpoint_protectionMatch11.0

symantecnorton_360Match1.0

symantecnorton_internet_securityMatch2005anti_spyware

symantecnorton_internet_securityMatch2005professional

symantecnorton_internet_securityMatch200511.0

symantecnorton_internet_securityMatch200511.0.9

symantecnorton_internet_securityMatch200511.5.6.14

symantecnorton_internet_securityMatch2005_contains_nav_11.0.0

symantecnorton_internet_securityMatch2006

symantecnorton_internet_securityMatch2006professional

symantecnorton_internet_securityMatch2007

symantecnorton_internet_securityMatch2008

CPENameOperatorVersion
symantec:antivirussymantec antivirusle10.1
symantec:antivirussymantec antiviruseq10.0
symantec:antivirussymantec antiviruseq10.0.1
symantec:antivirussymantec antiviruseq10.0.1.1
symantec:antivirussymantec antiviruseq10.0.2
symantec:antivirussymantec antiviruseq10.0.2.1
symantec:antivirussymantec antiviruseq10.0.2.2
symantec:antivirussymantec antiviruseq10.0.3
symantec:antivirussymantec antiviruseq10.0.4
symantec:antivirussymantec antiviruseq10.0.5

CPE	Name	Operator	Version
symantec:antivirus	symantec antivirus	le	10.1
symantec:antivirus	symantec antivirus	eq	10.0
symantec:antivirus	symantec antivirus	eq	10.0.1
symantec:antivirus	symantec antivirus	eq	10.0.1.1
symantec:antivirus	symantec antivirus	eq	10.0.2
symantec:antivirus	symantec antivirus	eq	10.0.2.1
symantec:antivirus	symantec antivirus	eq	10.0.2.2
symantec:antivirus	symantec antivirus	eq	10.0.3
symantec:antivirus	symantec antivirus	eq	10.0.4
symantec:antivirus	symantec antivirus	eq	10.0.5

Rows per page:

1-10 of 211

References

osvdb.org/54132

secunia.com/advisories/34936

www.securityfocus.com/bid/34669

www.securitytracker.com/id?1022133

www.securitytracker.com/id?1022134

www.securitytracker.com/id?1022135

www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_01

www.vupen.com/english/advisories/2009/1203

exchange.xforce.ibmcloud.com/vulnerabilities/50170

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.012 Low

EPSS

Percentile

85.0%

JSON

Related for CVE-2009-1428

nvd1 prion1 symantec1 cvelist1