CVE-2009-1428

Published: Apr 29, 2009Modified: Apr 23, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in ccLgView.exe in the Symantec Log Viewer, as used in Symantec AntiVirus (SAV) before 10.1 MR8, Symantec Endpoint Protection (SEP) 11.0 before 11.0 MR1, Norton 360 1.0, and Norton Internet Security 2005 through 2008, allow remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, related to "two parsing errors."

Affected (26)

Products: Symantec: Antivirus, Endpoint Protection, Norton 360, Norton Internet Security

4 products

Norton Internet Security

Configuration A

26 vulnerable

Vulnerable Software	Affected Versions
Symantec Antivirus	Up to 10.1
Symantec Antivirus	Version 10.0.1.1
Symantec Antivirus	Version 10.0.1
Symantec Antivirus	Version 10.0.2.1
Symantec Antivirus	Version 10.0.2.2
Symantec Antivirus	Version 10.0.2
Symantec Antivirus	Version 10.0.3
Symantec Antivirus	Version 10.0.4
Symantec Antivirus	Version 10.0.5
Symantec Antivirus	Version 10.0.6
Symantec Antivirus	Version 10.0.7
Symantec Antivirus	Version 10.0.8
Symantec Antivirus	Version 10.0.9
Symantec Antivirus	Version 10.0
Symantec Endpoint Protection	Version 11.0
Symantec Norton 360	Version 1.0
Symantec Norton Internet Security	Version 2005
Symantec Norton Internet Security	Version 2005
Symantec Norton Internet Security	Version 2005 11.0.9
Symantec Norton Internet Security	Version 2005 11.0
Symantec Norton Internet Security	Version 2005 11.5.6.14
Symantec Norton Internet Security	Version 2005_contains_nav_11.0.0
Symantec Norton Internet Security	Version 2006
Symantec Norton Internet Security	Version 2006
Symantec Norton Internet Security	Version 2007
Symantec Norton Internet Security	Version 2008