CVE-2016-3652

5.4MEDIUM

Key Information

Vendor: Symantec
Status: Endpoint Protection Manager
Vendor: CVE Published:; 30 June 2016

Summary

Multiple cross-site scripting (XSS) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Refferences

https://www.symantec.com/security_response/securityupdate...

x_refsource_CONFIRM

http://www.securitytracker.com/id/1036196

vdb-entryx_refsource_SECTRACK

https://www.exploit-db.com/exploits/40041/

exploitx_refsource_EXPLOIT-DB

http://www.securityfocus.com/bid/91444

vdb-entryx_refsource_BID

EPSS Score

75% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jun 30, 2016
Vulnerability Reserved
Mar 23, 2016

Collectors

NVD DatabaseMitre Database