CVE-2014-9224

Currently unrated

Key Information:

Vendor: Broadcom
Status: Symantec Critical System Protection
Vendor: CVE Published:; 21 January 2015

Summary

Cross-site scripting (XSS) vulnerability in the ajaxswing webui in the Management Console server in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

References

http://www.symantec.com/security_response/securityupdates...

x_refsource_CONFIRM

http://www.securityfocus.com/archive/1/534527/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://packetstormsecurity.com/files/130060/Symantec-SDCS...

x_refsource_MISC

Timeline

Vulnerability published
Jan 21, 2015
Vulnerability Reserved
Dec 3, 2014