4 matches found
CVE-2019-9701
Symantec Data Loss Prevention (DLP) 15.5 MP1 and earlier versions are affected by a cross-site scripting (XSS) vulnerability in the web application’s input handling, allowing injection of client-side scripts into pages viewed by other users. Root cause: lack of proper validation of client-side da...
CVE-2011-0548
CVE-2011-0548 concerns a buffer overflow in the Lotus Freelance Graphics PRZ file viewer component of Autonomy KeyView, used in Symantec Mail Security (SMS) 6.x–8.x, Symantec Brightmail and Messaging Gateway pre-9.5.1, and Symantec DLP pre-10.5.3 and 11.x pre-11.1. The vulnerability allows a remo...
CVE-2015-1485
CVE-2015-1485 is a CSRF vulnerability in the administration console of Symantec Data Loss Prevention (DLP) Enforce Server, prior to version 12.5.2. The issue allows a remote attacker to hijack administrator authentication and perform unauthorized operations through forged requests, as stated in m...
CVE-2014-9230
The CVE-2014-9230 issue is a cross-site scripting (XSS) vulnerability in the administration console of Symantec Data Loss Prevention (DLP) Enforce Server, prior to version 12.5.2. A remote attacker could inject arbitrary web script or HTML via unspecified vectors in the Enforce Server admin UI. T...