2 matches found
CVE-2018-12241
CVE-2018-12241 affects Symantec Security Analytics Web UI (SA) 7.x prior to 7.3.4; vulnerability is a reflected cross-site scripting (XSS) in the Web UI, allowing a remote attacker who knows the SA host to craft a malicious URL and entice SA users to reveal or run malicious JavaScript in the brow...
CVE-2021-30642
Symantec Security Analytics web UI contains an OS command injection flaw (CVE-2021-30642) in versions 7.2 before 7.2.7, 8.1 before 8.1.3-NSR3, 8.2 before 8.2.1-NSR2 or 8.2.2. An unauthenticated remote attacker can trigger arbitrary OS commands with elevated privileges via the web UI input validat...