Cross-Site Scripting Vulnerabilities in Symantec Endpoint Protection Manager
CVE-2016-5305

5.4MEDIUM

Key Information:

Vendor: Symantec
Status: Endpoint Protection Manager
Vendor: CVE Published:; 30 June 2016

What is CVE-2016-5305?

Multiple cross-site scripting vulnerabilities exist in management scripts of Symantec Endpoint Protection Manager (SEPM) versions prior to RU6 MP5. These vulnerabilities enable remote authenticated users to exploit the system by injecting arbitrary web scripts or HTML through a DOM link manipulation attack. Successful exploitation can lead to unauthorized actions on behalf of the user, raising significant security concerns for affected installations.