Cross-site scripting (XSS) vulnerability in Symantec SecurityExpressions Audit and Compliance Server 4.1.1, 4.1, and earlier allows remote attackers to inject arbitrary web script or HTML via vectors that trigger an error message in a response, related to an “HTML Injection issue.”
CPE | Name | Operator | Version |
---|---|---|---|
securityexpressions_audit_and_compliance_server | eq | 4.1 | |
securityexpressions_audit_and_compliance_server | le | 4.1.1 |
secunia.com/advisories/36972
securitytracker.com/id?1022989
www.osvdb.org/58650
www.securityfocus.com/bid/36571
www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20091006_00
www.vupen.com/english/advisories/2009/2849
exchange.xforce.ibmcloud.com/vulnerabilities/53669