CVE-2014-3438

Symantec Endpoint Protection Manager < 12.1 RU5 - Cross-Site Scripting

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-3438.

AI-analyzed exploit summary: The document provides a detailed technical analysis of multiple vulnerabilities in Symantec Endpoint Protection, including XXE, XSS, and arbitrary file write/overwrite flaws. It includes proof-of-concept examples and exploitation scenarios, demonstrating a deep understanding of the vulnerabilities.

Description

Multiple cross-site scripting (XSS) vulnerabilities in console interface scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Exploits (1)

exploitdb WRITEUP
webapps · jsp
https://www.exploit-db.com/exploits/35181

Classification: Writeup 100%
Attack Type: XSS | SSRF | DoS | Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Symantec Endpoint Protection 12.1.4023.4080
No auth needed
Prerequisites: Ability to perform MitM attacks · Access to the target network
devstral-2 · analyzed Feb 19, 2026

References (6)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/98526
Exploit mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2014/Nov/7
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/70844
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/533918/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1031176

Scores

EPSS 0.0392
EPSS Percentile 89.0%

Details

CWE
CWE-79
Status published
Products (5)
symantec/endpoint_protection_manager 12.1.0
symantec/endpoint_protection_manager 12.1.1
symantec/endpoint_protection_manager 12.1.2
symantec/endpoint_protection_manager 12.1.3
symantec/endpoint_protection_manager < 12.1.4
Published Nov 07, 2014
Tracked Since Feb 18, 2026