Cross-Site Scripting Vulnerability in Symantec My VIP Portal
CVE-2019-12754

4.8MEDIUM

Key Information:

Vendor: Symantec Corporation
Status: My Vip Portal
Vendor: CVE Published:; 30 August 2019

🔔 Create Symantec Corporation Vulnerability Alert

What is CVE-2019-12754?

The Symantec My VIP Portal was found to be vulnerable to a cross-site scripting (XSS) attack, allowing malicious users to inject harmful client-side scripts into web pages. This exploit can compromise the security of users by executing scripts in their browsers, potentially bypassing access controls and exposing sensitive data. The vulnerability affects previous versions of the product that have since been auto-updated to mitigate this risk.

Affected Version(s)

My VIP Portal Previous My VIP portal

References

https://support.symantec.com/us/en/article.SYMSA1491.html

x_refsource_CONFIRM

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 30, 2019
Vulnerability Reserved
Jun 6, 2019