CVE-2019-9701

Published: Jun 19, 2019Modified: Nov 21, 2024

4.8

Vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Exploitability: 1.7 / Impact: 2.7

Source: NVD

Description

DLP 15.5 MP1 and all prior versions may be susceptible to a cross-site scripting (XSS) vulnerability, a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.

Affected (15)

Products: Symantec: Data Loss Prevention

Symantec

1 product

Data Loss Prevention

Configuration A

15 vulnerable

Vulnerable Software	Affected Versions
Symantec Data Loss Prevention	Version 14.0.1
Symantec Data Loss Prevention	Version 14.0.2
Symantec Data Loss Prevention	Version 14.0
Symantec Data Loss Prevention	Version 14.5
Symantec Data Loss Prevention	Version 14.5 mp1
Symantec Data Loss Prevention	Version 14.6
Symantec Data Loss Prevention	Version 14.6 mp1
Symantec Data Loss Prevention	Version 14.6 mp2
Symantec Data Loss Prevention	Version 14.6 mp3
Symantec Data Loss Prevention	Version 15.0
Symantec Data Loss Prevention	Version 15.0 mp1
Symantec Data Loss Prevention	Version 15.1
Symantec Data Loss Prevention	Version 15.1 mp1
Symantec Data Loss Prevention	Version 15.5
Symantec Data Loss Prevention	Version 15.5 mp1

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

http://packetstormsecurity.com/files/153512/Symantec-DLP-15.5-MP1-Cross-Site-Scripting.html

Source: secure@symantec.com

https://support.symantec.com/us/en/article.SYMSA1484.html

Source: secure@symantec.com

MitigationVendor Advisory

http://packetstormsecurity.com/files/153512/Symantec-DLP-15.5-MP1-Cross-Site-Scripting.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://support.symantec.com/us/en/article.SYMSA1484.html

Source: af854a3a-2127-422b-91ae-364da2661108

MitigationVendor Advisory

Timeline

No history available yet.