What is CVE-2019-9701?

CVE-2019-9701 is a medium-severity vulnerability in Symantec Data_loss_prevention, classified under Cross-site Scripting. CVSS score: 4.8/10. Published 2019-06-19.

How severe is CVE-2019-9701?

Medium severity. CVSS v3 base score is 4.8 out of 10.

XSS in Symantec Data_loss_prevention

CVE-2019-9701

DLP 15.5 MP1 and all prior versions may be susceptible to a cross-site scripting (XSS) vulnerability, a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vuln…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.018 (75.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.8 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N.

Affected products

Symantec Data_loss_prevention — versions 14.0, 14.0.1, 14.0.2
N/a Data Loss Prevention — versions Prior to and including DLP 15.5 MP1

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

secure@symantec.com (x_refsource_MISC, Mitigation, Vendor Advisory)
secure@symantec.com (x_refsource_MISC)

Frequently asked questions

What is CVE-2019-9701?: CVE-2019-9701 is a medium-severity vulnerability in Symantec Data_loss_prevention, classified under Cross-site Scripting. CVSS score: 4.8/10. Published 2019-06-19.
How severe is CVE-2019-9701?: Medium severity. CVSS v3 base score is 4.8 out of 10.