Cross-Site Scripting Vulnerability in Symantec IT Analytics from Broadcom
CVE-2020-5838

4.8MEDIUM

Key Information:

Vendor: Symantec
Status: It Analytics
Vendor: CVE Published:; 13 May 2020

Summary

The vulnerability in Symantec IT Analytics allows for the injection of client-side scripts into web pages viewed by users, potentially enabling attackers to execute malicious scripts. This XSS flaw could affect the integrity of data presented to the user and compromise sensitive information. Organizations utilizing versions prior to 2.9.1 should urgently implement patches or updates to mitigate this risk.

Affected Version(s)

IT Analytics Prior to 2.9.1

References

https://support.broadcom.com/security-advisory/security-a...

x_refsource_MISC

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
May 13, 2020
Vulnerability Reserved
Jan 6, 2020