CVE-2019-19547

MEDIUM

Symantec Endpoint Detection and Response <4.3.0 - XSS

Title source: llm

Description

Symantec Endpoint Detection and Response (SEDR), prior to 4.3.0, may be susceptible to a cross site scripting (XSS) issue. XSS is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. An XSS vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy.

Exploits (1)

nomisec WRITEUP 1 stars

by nasbench · poc

https://github.com/nasbench/CVE-2019-19547

View Code ZIP pw:eip

References (3)

Core 3

Core References

Vendor Advisory x_refsource_confirm

https://support.symantec.com/us/en/article.SYMSA1502.html

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YQTOWEDFXDTGTD6D4NHRB4FUURQSTTEN/

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WRQXCOVFWZIIMAZIAAFAVQGZOS7LGHXP/

Scores

CVSS v3 6.1

EPSS 0.0090

EPSS Percentile 75.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (3)

fedoraproject/fedora 30

fedoraproject/fedora 31

symantec/endpoint_detection_and_response < 4.3.0

Published Jan 13, 2020

Tracked Since Feb 18, 2026