Cross-Site Scripting Vulnerability in Symantec DLP Software
CVE-2019-9701
4.8 MEDIUM
Summary
Symantec Data Loss Prevention (DLP) versions 15.5 MP1 and earlier are vulnerable to cross-site scripting (XSS). The vulnerability allows attackers to inject malicious client-side scripts into web pages viewed by other users. Exploiting it could let attackers bypass security measures such as the same-origin policy and perform unauthorized actions on behalf of the user. Organizations running affected versions should apply security patches and follow web application security best practices to mitigate the risk.
Affected Version(s)
Data Loss Prevention: prior to and including DLP 15.5 MP1
EPSS Score
95% chance of being exploited in the next 30 days.
CVSS V3.1
Score: 4.8
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved