CVE-2011-0552

Symantec IM Manager < 8.4.18 - Cross-Site Scripting via Multiple Parameters

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in the management console in Symantec IM Manager before 8.4.18 allow remote attackers to inject arbitrary web script or HTML via the (1) refreshRateSetting parameter to IMManager/Admin/IMAdminSystemDashboard.asp, the (2) nav or (3) menuitem parameter to IMManager/Admin/IMAdminTOC_simple.asp, or the (4) action parameter to IMManager/Admin/IMAdminEdituser.asp.

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/49739

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1026130

Third Party Advisory x_refsource_confirm

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110929_00

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/43157

Scores

EPSS 0.0053

EPSS Percentile 67.2%

Details

CWE

CWE-79

Status published

Products (20)

symantec/im_manager 6.0

symantec/im_manager 6.5

symantec/im_manager 7.0

symantec/im_manager 7.5

symantec/im_manager 8.3

symantec/im_manager 8.4.0

symantec/im_manager 8.4.1

symantec/im_manager 8.4.2

symantec/im_manager 8.4.5

symantec/im_manager 8.4.6

... and 10 more

Published Oct 02, 2011

Tracked Since Feb 18, 2026