XSS in Symantec Data_loss_prevention

CVE-2014-9230

Cross-site scripting (XSS) vulnerability in the administration console in the Enforce Server in Symantec Data Loss Prevention (DLP) before 12.5.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.020 (78.0th percentile) — read the EPSS interpretation.

Affected products

Symantec Data_loss_prevention
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

secure@symantec.com (vdb-entry, x_refsource_BID)
secure@symantec.com (vdb-entry, x_refsource_SECTRACK)
secure@symantec.com (x_refsource_CONFIRM, Vendor Advisory)