Description
Symantec Web Isolation (WI) 1.11 prior to 1.11.21 is susceptible to a reflected cross-site scripting (XSS) vulnerability. A remote attacker can target end users protected by WI with social engineering attacks using crafted URLs for legitimate web sites. A successful attack allows injecting malicious JavaScript code into the website's rendered copy running inside the end user's web browser. It does not allow injecting code into the real (isolated) copy of the website running on the WI Threat Isolation Engine.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://support.symantec.com/content/unifiedweb/en_US/article.SYMSA1464.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/105581
Scores
CVSS v3
6.1
EPSS
0.0037
EPSS Percentile
58.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
symantec/web_isolation
1.11 - 1.11.21
Published
Oct 22, 2018
Tracked Since
Feb 18, 2026