CVE-2011-1524
Symantec LiveUpdate Administrator <2.3 - XSS
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in the management login GUI page in Symantec LiveUpdate Administrator (LUA) before 2.3 allows remote attackers to inject arbitrary web script or HTML via the username field, as demonstrated by injecting an IFRAME element into the event log, a different vulnerability than CVE-2011-0545.
Exploits (1)
exploitdb
WORKING POC
by Nikolas Sotiriu · textwebappswindows
https://www.exploit-db.com/exploits/17026
References (9)
Scores
EPSS
0.2054
EPSS Percentile
95.5%
Classification
CWE
CWE-79
Status
published
Affected Products (7)
symantec/liveupdate_administrator
< 2.2.2.9
symantec/liveupdate_administrator
symantec/liveupdate_administrator
symantec/liveupdate_administrator
symantec/liveupdate_administrator
symantec/liveupdate_administrator
n/a/n/a
Timeline
Published
Mar 28, 2011
Tracked Since
Feb 18, 2026