CVE-2014-3438 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in console interface scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Reference

http://seclists.org/fulldisclosure/2014/Nov/7 http://www.securityfocus.com/archive/1/533918/100/0/threaded http://www.securityfocus.com/bid/70844 http://www.securitytracker.com/id/1031176 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20141105_00 https://exchange.xforce.ibmcloud.com/vulnerabilities/98526