CVE-2011-1524

Currently unrated

Key Information:

Vendor: Symantec
Status: Liveupdate Administrator
Vendor: CVE Published:; 28 March 2011

Summary

Cross-site scripting (XSS) vulnerability in the management login GUI page in Symantec LiveUpdate Administrator (LUA) before 2.3 allows remote attackers to inject arbitrary web script or HTML via the username field, as demonstrated by injecting an IFRAME element into the event log, a different vulnerability than CVE-2011-0545.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/66213

vdb-entryx_refsource_XF

http://sotiriu.de/adv/NSOADV-2011-001.txt

x_refsource_MISC

http://www.symantec.com/security_response/securityupdates...

x_refsource_CONFIRM

Timeline

Vulnerability published
Mar 28, 2011
Vulnerability Reserved
Mar 28, 2011