Cross-Site Scripting Vulnerability in Symantec My VIP Portal
CVE-2019-12754

4.8MEDIUM

Key Information:

Vendor: Symantec Corporation
Status: My Vip Portal
Vendor: CVE Published:; 30 August 2019

What is CVE-2019-12754?

The Symantec My VIP Portal was found to be vulnerable to a cross-site scripting (XSS) attack, allowing malicious users to inject harmful client-side scripts into web pages. This exploit can compromise the security of users by executing scripts in their browsers, potentially bypassing access controls and exposing sensitive data. The vulnerability affects previous versions of the product that have since been auto-updated to mitigate this risk.

Affected Version(s)

My VIP Portal Previous My VIP portal

References

https://support.symantec.com/us/en/article.SYMSA1491.html

x_refsource_CONFIRM

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Aug 30, 2019
Vulnerability Reserved
Jun 6, 2019

Symantec Corporation

What is CVE-2019-12754?

Affected Version(s)

References

CVSS V3.1

Timeline