Reflected Cross-Site Scripting Vulnerability in Symantec Web Isolation
CVE-2018-12246

6.1MEDIUM

Key Information:

Vendor: Symantec Corporation
Status: Symantec Web Isolation
Vendor: CVE Published:; 22 October 2018

What is CVE-2018-12246?

The Symantec Web Isolation solution is vulnerable to a reflected cross-site scripting (XSS) flaw present in versions prior to 1.11.21. This vulnerability allows remote attackers to launch social engineering attacks on users protected by the Web Isolation platform. By crafting malicious URLs that appear legitimate, an attacker can execute unwanted scripts in the context of the victim's web browser. However, it is important to note that the attack does not affect the actual isolated version of the site managed by the WI Threat Isolation Engine.

Affected Version(s)

Symantec Web Isolation 1.11 prior to 1.11.21

References

https://support.symantec.com/content/unifiedweb/en_US/art...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/105581

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Oct 22, 2018
Vulnerability Reserved
Jun 12, 2018

Symantec Corporation

What is CVE-2018-12246?

Affected Version(s)

References

CVSS V3.1

Timeline