CVE-2009-3030

Symantec SecurityExpressions Audit and Compliance Server <= 4.1.1 - Cross-Site Scripting via Error Message

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in Symantec SecurityExpressions Audit and Compliance Server 4.1.1, 4.1, and earlier allows remote attackers to inject arbitrary web script or HTML via vectors that trigger an error message in a response, related to an "HTML Injection issue."

References (7)

Core 7

Core References

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2009/2849

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/36972

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/58650

Patch vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/36571

Third Party Advisory x_refsource_confirm

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20091006_00

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/53669

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1022989

Scores

EPSS 0.0078

EPSS Percentile 73.9%

Details

CWE

CWE-79

Status published

Products (2)

symantec/securityexpressions_audit_and_compliance_server 4.1

symantec/securityexpressions_audit_and_compliance_server < 4.1.1

Published Oct 15, 2009

Tracked Since Feb 18, 2026