Cross-Site Scripting Flaw in Symantec Data Loss Prevention Administration Console
CVE-2014-9230

Currently unrated

Key Information:

Vendor: Symantec
Status: Data Loss Prevention
Vendor: CVE Published:; 28 June 2015

Summary

The administration console of the Enforce Server in Symantec Data Loss Prevention is susceptible to a cross-site scripting (XSS) vulnerability. This flaw allows remote attackers to inject arbitrary web scripts or HTML into the console, potentially compromising the integrity of the application and the security of sensitive data. It is essential for users to apply appropriate updates to safeguard against such attacks.

References

http://www.securityfocus.com/bid/75288

vdb-entryx_refsource_BID

http://www.securitytracker.com/id/1032710

vdb-entryx_refsource_SECTRACK

http://www.symantec.com/security_response/securityupdates...

x_refsource_CONFIRM

Timeline

Vulnerability published
Jun 28, 2015
Vulnerability Reserved
Dec 3, 2014