CVE-2016-5304

MEDIUM

Symantec Endpoint Protection Manager < 12.1.6 - Authenticated Open Redirect

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-5304. PoCs published by hyp3rlinx.

AI-analyzed exploit summary The exploit demonstrates multiple vulnerabilities in Symantec Endpoint Protection Manager (SEPM) v12.1, including XSS, CSRF, and Open Redirect. It includes proof-of-concept examples for each vulnerability type, such as bypassing HttpOnly cookie protection via XSS and redirecting users to malicious URLs.

Description

Open redirect vulnerability in a report-routing component in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

Exploits (1)

exploitdb WORKING POC VERIFIED

by hyp3rlinx · textwebappsphp

https://www.exploit-db.com/exploits/40041

View Code ZIP pw:eip

The exploit demonstrates multiple vulnerabilities in Symantec Endpoint Protection Manager (SEPM) v12.1, including XSS, CSRF, and Open Redirect. It includes proof-of-concept examples for each vulnerability type, such as bypassing HttpOnly cookie protection via XSS and redirecting users to malicious URLs.

Classification

Working Poc 100%

Attack Type

Xss | Csrf | Other

Complexity

Trivial

Reliability

Reliable

Target: Symantec Endpoint Protection Manager v12.1

Auth required

Prerequisites: Access to the SEP Management console · Victim interaction for CSRF and Open Redirect

MITRE ATT&CK

T1059.007 - JavaScript T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Vendor Advisory x_refsource_confirm

https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_01

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://www.securitytracker.com/id/1036196

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/91447

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/40041/

Scores

CVSS v3 6.8

EPSS 0.0412

EPSS Percentile 89.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N

Details

Status published

Products (1)

symantec/endpoint_protection_manager < 12.1.6

Published Jun 30, 2016

Tracked Since Feb 18, 2026