Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:12464
HistoryOct 13, 2009 - 12:00 a.m.

Symantec SecurityExpressions跨站脚本和HTML注入漏洞

2009-10-1300:00:00
Root
www.seebug.org
8

0.009 Low

EPSS

Percentile

82.8%

JSON

BUGTRAQ ID: 36570,36571
CVE(CAN) ID: CVE-2009-3029,CVE-2009-3030

Symantec SecurityExpressions是用于在企业执行安全核查、合规性和配置检查的安全解决方案。

SecurityExpression审计和合规性服务器没有正确地验证客户端提交给控制台的输入,远程攻击者可以通过提交恶意请求执行存储式跨站脚本攻击;此外由于没有正确地编码响应的出错消息,远程攻击者还可以在返回给用户的响应中注入恶意HTML内容。

Symantec SecurityExpressions 4.1.1
Symantec SecurityExpressions 4.1
厂商补丁:

Symantec

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

https://kb.altiris.com/

Related

nessus 1
symantec 1
nvd 2
prion 2
cvelist 2
cve 2
nessus
nessus
Symantec SecurityExpressions Audit and Compliance Server Multiple XSS
2009-10-09 00:00:00
symantec
symantec
Symantec Security Expressions Cross-site Scripting and HTML Injection Vulnerability
2009-10-06 08:00:00
nvd
nvd
CVE-2009-3030
2009-10-15 10:30:00
CVE-2009-3029
2009-10-15 10:30:00
prion
prion
Cross site scripting
2009-10-15 10:30:00
Cross site scripting
2009-10-15 10:30:00
cvelist
cvelist
CVE-2009-3029
2009-10-15 10:00:00
CVE-2009-3030
2009-10-15 10:00:00
cve
cve
CVE-2009-3029
2009-10-15 10:30:00
CVE-2009-3030
2009-10-15 10:30:00

0.009 Low

EPSS

Percentile

82.8%

JSON
Related for SSV:12464
nessus1symantec1nvd2prion2cvelist2cve2