Cross-Site Scripting Vulnerability in Symantec Data Insight Management Console
CVE-2014-3433

Currently unrated

Key Information:

Vendor: Symantec
Status: Data Insight
Vendor: CVE Published:; 27 June 2014

Summary

A cross-site scripting vulnerability exists in the management console of Symantec Data Insight in versions 3.x and 4.x prior to 4.5. This flaw allows remote attackers to inject arbitrary web scripts or HTML through an unspecified form field, potentially leading to unauthorized actions being taken within the management console. The issue is related to improper handling of input data, which can be exploited to execute malicious scripts that might compromise user sessions or manipulate web content.

References

http://www.securityfocus.com/bid/68161

vdb-entryx_refsource_BID

http://www.symantec.com/security_response/securityupdates...

x_refsource_CONFIRM

http://www.securitytracker.com/id/1030472

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Jun 27, 2014
Vulnerability Reserved
May 9, 2014