CVE-2009-3029
Symantec SecurityExpressions Audit and Compliance Server <= 4.1.1 - Cross-Site Scripting
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in the console in Symantec SecurityExpressions Audit and Compliance Server 4.1.1, 4.1, and earlier allows remote authenticated users to inject arbitrary web script or HTML via "external client input" that triggers crafted error messages.
References (6)
Core 6
Core References
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/2849
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/36972
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/58651
Third Party Advisory x_refsource_confirm
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20091006_00
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1022989
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/36570
Scores
EPSS
0.0051
EPSS Percentile
66.5%
Details
CWE
CWE-79
Status
published
Products (2)
symantec/securityexpressions_audit_and_compliance_server
4.1
symantec/securityexpressions_audit_and_compliance_server
< 4.1.1
Published
Oct 15, 2009
Tracked Since
Feb 18, 2026