CVE-2011-0550

Symantec Endpoint Protection 11.0.600x-11.0.6300 - Cross-Site Scripting via Help.jsp Token Parameter or Console URI

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Web Interface in the Endpoint Protection Manager in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.6300 allow remote attackers to inject arbitrary web script or HTML via (1) the token parameter to portal/Help.jsp or (2) the URI in a console/apps/sepm request.

References (7)

Core 7

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1025919

Third Party Advisory x_refsource_confirm

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110810_00

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/74466

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/69136

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/48231

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/43662

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/74465

Scores

EPSS 0.0072

EPSS Percentile 72.7%

Details

CWE

CWE-79

Status published

Products (5)

symantec/endpoint_protection 11.0.6000

symantec/endpoint_protection 11.0.6100

symantec/endpoint_protection 11.0.6200

symantec/endpoint_protection 11.0.6200.754

symantec/endpoint_protection 11.0.6300

Published Aug 15, 2011

Tracked Since Feb 18, 2026