Lucene search

K
cve[email protected]CVE-2011-1524
HistoryMar 28, 2011 - 6:55 p.m.

CVE-2011-1524

2011-03-2818:55:00
CWE-79
web.nvd.nist.gov
19
cve-2011-1524
cross-site scripting
xss
symantec liveupdate administrator
lua
remote code injection
html injection

5.6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.01 Low

EPSS

Percentile

82.9%

Cross-site scripting (XSS) vulnerability in the management login GUI page in Symantec LiveUpdate Administrator (LUA) before 2.3 allows remote attackers to inject arbitrary web script or HTML via the username field, as demonstrated by injecting an IFRAME element into the event log, a different vulnerability than CVE-2011-0545.

5.6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.01 Low

EPSS

Percentile

82.9%