CVE-2009-1428
Symantec AntiVirus < 10.1 - Cross-Site Scripting via Crafted Email Message
Title source: llmDescription
Multiple cross-site scripting (XSS) vulnerabilities in ccLgView.exe in the Symantec Log Viewer, as used in Symantec AntiVirus (SAV) before 10.1 MR8, Symantec Endpoint Protection (SEP) 11.0 before 11.0 MR1, Norton 360 1.0, and Norton Internet Security 2005 through 2008, allow remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, related to "two parsing errors."
References (9)
Core 9
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/50170
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1203
Third Party Advisory x_refsource_confirm
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_01
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/34669
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1022135
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1022134
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1022133
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/34936
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/54132
Scores
EPSS
0.0104
EPSS Percentile
77.7%
Details
CWE
CWE-79
Status
published
Products (21)
symantec/antivirus
10.0
symantec/antivirus
10.0.1
symantec/antivirus
10.0.1.1
symantec/antivirus
10.0.2
symantec/antivirus
10.0.2.1
symantec/antivirus
10.0.2.2
symantec/antivirus
10.0.3
symantec/antivirus
10.0.4
symantec/antivirus
10.0.5
symantec/antivirus
10.0.6
... and 11 more
Published
Apr 29, 2009
Tracked Since
Feb 18, 2026