CVE-2011-0550

2011-08-1519:55:03

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.018

Percentile

88.3%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the Web Interface in the Endpoint Protection Manager in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.6300 allow remote attackers to inject arbitrary web script or HTML via (1) the token parameter to portal/Help.jsp or (2) the URI in a console/apps/sepm request.

Affected configurations

Nvd

Node

symantecendpoint_protectionMatch11.0.6000

symantecendpoint_protectionMatch11.0.6100

symantecendpoint_protectionMatch11.0.6200

symantecendpoint_protectionMatch11.0.6200.754

symantecendpoint_protectionMatch11.0.6300

VendorProductVersionCPE
symantecendpoint_protection11.0.6000cpe:2.3:a:symantec:endpoint_protection:11.0.6000:*:*:*:*:*:*:*
symantecendpoint_protection11.0.6100cpe:2.3:a:symantec:endpoint_protection:11.0.6100:*:*:*:*:*:*:*
symantecendpoint_protection11.0.6200cpe:2.3:a:symantec:endpoint_protection:11.0.6200:*:*:*:*:*:*:*
symantecendpoint_protection11.0.6200.754cpe:2.3:a:symantec:endpoint_protection:11.0.6200.754:*:*:*:*:*:*:*
symantecendpoint_protection11.0.6300cpe:2.3:a:symantec:endpoint_protection:11.0.6300:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
symantec	endpoint_protection	11.0.6000	cpe:2.3:a:symantec:endpoint_protection:11.0.6000:::::::*
symantec	endpoint_protection	11.0.6100	cpe:2.3:a:symantec:endpoint_protection:11.0.6100:::::::*
symantec	endpoint_protection	11.0.6200	cpe:2.3:a:symantec:endpoint_protection:11.0.6200:::::::*
symantec	endpoint_protection	11.0.6200.754	cpe:2.3:a:symantec:endpoint_protection:11.0.6200.754:::::::*
symantec	endpoint_protection	11.0.6300	cpe:2.3:a:symantec:endpoint_protection:11.0.6300:::::::*