Cross-site scripting (XSS) vulnerability in the management login GUI page in Symantec LiveUpdate Administrator (LUA) prior to 2.3 allows remote malicious users to inject arbitrary web script or HTML via the username field, as demonstrated by injecting an IFRAME element into the event log, a different vulnerability than CVE-2011-0545.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
symantec liveupdate administrator 2.2.2 |
||
symantec liveupdate administrator 2.2.1 |
||
symantec liveupdate administrator 2.1.3 |
||
symantec liveupdate administrator 2.1.2 |
||
symantec liveupdate administrator 2.1.0 |
||
symantec liveupdate administrator |