XSS in Broadcom Symantec_critical_system_protection
CVE-2014-9224
Cross-site scripting (XSS) vulnerability in the ajaxswing webui in the Management Console server in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (S…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.040 (88.6th percentile) — read the EPSS interpretation.
Affected products
- Broadcom Symantec_critical_system_protection — versions 5.2.9
- Symantec Data_center_security — versions 6.0.0
- N/a — versions n/a
Weakness classification (CWE)
References
- secure@symantec.com (x_refsource_CONFIRM, Vendor Advisory)
- 20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) & SCSP (mailing-list, x_refsource_BUGTRAQ)
- secure@symantec.com (x_refsource_MISC)
- 20150122 SEC Consult SA-20150122-0 :: Multiple critical vulnerabilities in Symantec Data Center Security: Server Advanced (SDCS:SA) & SCSP (mailing-list, x_refsource_FULLDISC)
- 72093 (vdb-entry, x_refsource_BID)