CVE-2011-0550

Symantec Endpoint Protection - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Web Interface in the Endpoint Protection Manager in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.6300 allow remote attackers to inject arbitrary web script or HTML via (1) the token parameter to portal/Help.jsp or (2) the URI in a console/apps/sepm request.

References (7)

[Vendor Advisory] http://secunia.com/advisories/43662

[Third Party Advisory, VDB Entry] http://www.osvdb.org/74465

[Third Party Advisory] http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110810_00

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/69136

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/48231

[Third Party Advisory, VDB Entry] http://www.osvdb.org/74466

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1025919

Scores

EPSS 0.0072

EPSS Percentile 72.2%

Classification

CWE

CWE-79

Status published

Affected Products (6)

symantec/endpoint_protection

symantec/endpoint_protection

symantec/endpoint_protection

symantec/endpoint_protection

symantec/endpoint_protection

n/a/n/a

Timeline

Published Aug 15, 2011

Tracked Since Feb 18, 2026