Cross-Site Scripting Vulnerabilities in Symantec IM Manager
CVE-2011-0552

Currently unrated

Key Information:

Vendor: Symantec
Status: Im Manager
Vendor: CVE Published:; 2 October 2011

Summary

Symantec IM Manager before version 8.4.18 is prone to multiple cross-site scripting vulnerabilities in its management console. Attackers can exploit these vulnerabilities by injecting arbitrary web scripts or HTML into affected input fields. These include the refreshRateSetting parameter in IMManager/Admin/IMAdminSystemDashboard.asp, nav or menuitem parameters in IMManager/Admin/IMAdminTOC_simple.asp, and the action parameter in IMManager/Admin/IMAdminEdituser.asp. Successful exploitation can lead to unauthorized access and control over user sessions.

References

http://www.securityfocus.com/bid/49739

vdb-entryx_refsource_BID

http://securitytracker.com/id?1026130

vdb-entryx_refsource_SECTRACK

http://www.symantec.com/security_response/securityupdates...

x_refsource_CONFIRM

Timeline

Vulnerability published
Oct 2, 2011
Vulnerability Reserved
Jan 20, 2011