CVE-2011-0550

2011-08-1519:55:03

CWE-79

[email protected]

web.nvd.nist.gov

cve-2011-0550

cross-site scripting

xss

symantec endpoint protection

vulnerabilities

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.018 Low

EPSS

Percentile

88.3%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the Web Interface in the Endpoint Protection Manager in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.6300 allow remote attackers to inject arbitrary web script or HTML via (1) the token parameter to portal/Help.jsp or (2) the URI in a console/apps/sepm request.

Affected configurations

NVD

Node

symantecendpoint_protectionMatch11.0.6000

symantecendpoint_protectionMatch11.0.6100

symantecendpoint_protectionMatch11.0.6200

symantecendpoint_protectionMatch11.0.6200.754

symantecendpoint_protectionMatch11.0.6300

CPENameOperatorVersion
symantec:endpoint_protectionsymantec endpoint protectioneq11.0.6000
symantec:endpoint_protectionsymantec endpoint protectioneq11.0.6100
symantec:endpoint_protectionsymantec endpoint protectioneq11.0.6200
symantec:endpoint_protectionsymantec endpoint protectioneq11.0.6200.754
symantec:endpoint_protectionsymantec endpoint protectioneq11.0.6300

CPE	Name	Operator	Version
symantec:endpoint_protection	symantec endpoint protection	eq	11.0.6000
symantec:endpoint_protection	symantec endpoint protection	eq	11.0.6100
symantec:endpoint_protection	symantec endpoint protection	eq	11.0.6200
symantec:endpoint_protection	symantec endpoint protection	eq	11.0.6200.754
symantec:endpoint_protection	symantec endpoint protection	eq	11.0.6300