CVE-2011-1524 Information
Description
Cross-site scripting (XSS) vulnerability in the management login GUI page in Symantec LiveUpdate Administrator (LUA) before 2.3 allows remote attackers to inject arbitrary web script or HTML via the username field, as demonstrated by injecting an IFRAME element into the event log, a different vulnerability than CVE-2011-0545.
Reference
http://securityreason.com/securityalert/8166
http://securitytracker.com/id?1025242
http://sotiriu.de/adv/NSOADV-2011-001.txt
http://www.exploit-db.com/exploits/17026
http://www.securityfocus.com/archive/1/517109/100/0/threaded
http://www.securityfocus.com/bid/46856
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110321_00
http://www.vupen.com/english/advisories/2011/0727
https://exchange.xforce.ibmcloud.com/vulnerabilities/66213