Cross-Site Scripting Vulnerability in Symantec IM Manager
CVE-2009-3036

Currently unrated

Key Information:

Vendor: Symantec
Status: Im Manager
Vendor: CVE Published:; 23 February 2010

Summary

A Cross-Site Scripting (XSS) vulnerability exists in the console of Symantec IM Manager versions 8.3 and 8.4 prior to 8.4.13. This security flaw allows remote attackers to inject arbitrary web scripts or HTML into affected instances, potentially compromising the integrity of user sessions and exposing sensitive data. Attackers can exploit this vulnerability through various unspecified vectors, making it crucial for organizations utilizing these versions to implement necessary updates and security measures.

References

http://osvdb.org/62446

vdb-entryx_refsource_OSVDB

http://www.vupen.com/english/advisories/2010/0438

vdb-entryx_refsource_VUPEN

http://secunia.com/advisories/38672

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Feb 23, 2010
Vulnerability Reserved
Aug 31, 2009