Multiple cross-site scripting (XSS) vulnerabilities in the Web Interface in the Endpoint Protection Manager in Symantec Endpoint Protection (SEP) 11.0.600x up to and including 11.0.6300 allow remote malicious users to inject arbitrary web script or HTML via (1) the token parameter to portal/Help.jsp or (2) the URI in a console/apps/sepm request.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
symantec endpoint protection 11.0.6200.754 |
||
symantec endpoint protection 11.0.6000 |
||
symantec endpoint protection 11.0.6100 |
||
symantec endpoint protection 11.0.6300 |
||
symantec endpoint protection 11.0.6200 |