CVE-2011-0550 : Multiple cross-site scripting (XSS) vulnerabilities in the Web Interface in the Endpoint Protection Manager in Symantec

Multiple cross-site scripting (XSS) vulnerabilities in the Web Interface in the Endpoint Protection Manager in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.6300 allow remote attackers to inject arbitrary web script or HTML via (1) the token parameter to portal/Help.jsp or (2) the URI in a console/apps/sepm request.

Published 2011-08-15 19:55:04

Updated 2017-08-17 01:33:37

Source MITRE

View at NVD, CVE.org

Vulnerability category: Cross site scripting (XSS)

Exploit prediction scoring system (EPSS) score for CVE-2011-0550

Probability of exploitation activity in the next 30 days: 1.82%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 87 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2011-0550

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

CWE ids for CVE-2011-0550

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2011-0550

http://securitytracker.com/id?1025919

Symantec Endpoint Protection Manager Input Validation Hole Permits Cross-Site Scripting and Cross-Site Request Forgery Attacks - SecurityTracker

CVEs referencing this url
http://www.securityfocus.com/bid/48231

Symantec Endpoint Protection CVE-2011-0550 Cross Site Scripting Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/69136

Symantec Endpoint Protection Manager sepm cross-site scripting CVE-2011-0550 Vulnerability Report
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2011&suid=20110810_00

Symantec Endpoint Protection Manager Cross-Site Request Forgery and Cross-Site Scripting

CVEs referencing this url

Products affected by CVE-2011-0550

Symantec » Endpoint Protection » Version: 11.0.6200.754
cpe:2.3:a:symantec:endpoint_protection:11.0.6200.754:*:*:*:*:*:*:*
Matching versions
Symantec » Endpoint Protection » Version: 11.0.6000
cpe:2.3:a:symantec:endpoint_protection:11.0.6000:*:*:*:*:*:*:*
Matching versions
Symantec » Endpoint Protection » Version: 11.0.6100
cpe:2.3:a:symantec:endpoint_protection:11.0.6100:*:*:*:*:*:*:*
Matching versions
Symantec » Endpoint Protection » Version: 11.0.6300
cpe:2.3:a:symantec:endpoint_protection:11.0.6300:*:*:*:*:*:*:*
Matching versions
Symantec » Endpoint Protection » Version: 11.0.6200
cpe:2.3:a:symantec:endpoint_protection:11.0.6200:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2011-0550

Exploit prediction scoring system (EPSS) score for CVE-2011-0550

CVSS scores for CVE-2011-0550

CWE ids for CVE-2011-0550

References for CVE-2011-0550

Products affected by CVE-2011-0550