Cross-site Scripting Vulnerability in Intel Security VirusScan Enterprise Linux
CVE-2016-8019

6.1MEDIUM

Key Information:

Vendor
Intel
Status
Virusscan Enterprise Linux (vsel)
Vendor
CVE Published:
14 March 2017

Summary

An XSS vulnerability exists in Intel Security's VirusScan Enterprise Linux, affecting version 2.0.3 and earlier, that allows unauthenticated remote attackers to inject arbitrary scripts or HTML through crafted user inputs. This can potentially compromise user sessions and lead to unauthorized access or manipulation of user data.

Affected Version(s)

VirusScan Enterprise Linux (VSEL) 2.0.3 (and earlier)

References

http://www.securityfocus.com/bid/94823
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1037433
vdb-entryx_refsource_SECTRACK
https://kc.mcafee.com/corporate/index?page=content&id=SB1...
x_refsource_CONFIRM

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.