3 matches found
CVE-2014-3433
Cross-site scripting XSS vulnerability in the management console in Symantec Data Insight 3.x and 4.x before 4.5 allows remote attackers to inject arbitrary web script or HTML via an unspecified form field, related to an "HTML script injection" issue...
CVE-2014-3433
CVE-2014-3433 affects the Symantec Data Insight management console (3.x and 4.x up to 4.5). The vulnerability is a cross-site scripting (XSS) flaw caused by insufficient sanitization of user-supplied input in the management GUI, allowing an attacker to inject arbitrary script or HTML via an unspe...
Symantec Data Insight Management Console HTML Injection and Cross-Site Scripting
SUMMARY The management console for Symantec Data Insight does not sufficiently validate/sanitize arbitrary input in two separate fields within the management GUI. This could potentially allow unauthorized command execution or potential malicious redirection. AFFECTED PRODUCTS Product | Version |...