Cross-Site Scripting Vulnerability in Symantec Critical System Protection Management Console
CVE-2014-9224

Currently unrated

Key Information:

Vendor: Broadcom
Status: Symantec Critical System Protection
Vendor: CVE Published:; 21 January 2015

What is CVE-2014-9224?

A Cross-site scripting (XSS) vulnerability exists in the ajaxswing web user interface components of the Management Console server within Symantec Critical System Protection and Symantec Data Center Security: Server Advanced. This flaw allows remote authenticated users to inject arbitrary HTML or web scripts via various unspecified vectors, potentially compromising the security integrity of the web application environment.

References

http://www.symantec.com/security_response/securityupdates...

x_refsource_CONFIRM

http://www.securityfocus.com/archive/1/534527/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://packetstormsecurity.com/files/130060/Symantec-SDCS...

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 21, 2015
Vulnerability Reserved
Dec 3, 2014

Broadcom

What is CVE-2014-9224?

References

Timeline