CVE-2009-3036

Symantec IM Manager 8.3 and 8.4 < 8.4.13 - Cross-Site Scripting

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-3036. PoCs published by brinhosa.

AI-analyzed exploit summary This repository contains a detailed writeup about CVE-2009-3036, an HTML injection vulnerability in Symantec IM Manager Console. It includes technical details such as affected versions, vulnerability class, and references to external resources like SecurityFocus.

Description

Cross-site scripting (XSS) vulnerability in the console in Symantec IM Manager 8.3 and 8.4 before 8.4.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Exploits (1)

nomisec WRITEUP
by brinhosa · poc
https://github.com/brinhosa/CVE-2009-3036

This repository contains a detailed writeup about CVE-2009-3036, an HTML injection vulnerability in Symantec IM Manager Console. It includes technical details such as affected versions, vulnerability class, and references to external resources like SecurityFocus.

Classification
Writeup 80%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Symantec IM Manager 8.4, 8.3
No auth needed
Prerequisites: Access to the Symantec IM Manager Console web interface
MITRE ATT&CK
mistral-large-3 · analyzed Feb 18, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/62446
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0438
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/38672
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/38241

Scores

EPSS 0.0225
EPSS Percentile 80.8%

Details

CWE
CWE-79
Status published
Products (2)
symantec/im_manager 8.3
symantec/im_manager 8.4
Published Feb 23, 2010
Tracked Since Feb 18, 2026