Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2014-9224

Summary
Assigner-symantec
Assigner Org ID-80d3bcb6-88de-48c2-a47e-aebf795f19b5
Published At-21 Jan, 2015 | 11:00
Updated At-06 Aug, 2024 | 13:40
Rejected At-
Credits

Cross-site scripting (XSS) vulnerability in the ajaxswing webui in the Management Console server in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:symantec
Assigner Org ID:80d3bcb6-88de-48c2-a47e-aebf795f19b5
Published At:21 Jan, 2015 | 11:00
Updated At:06 Aug, 2024 | 13:40
Rejected At:
▼CVE Numbering Authority (CNA)

Cross-site scripting (XSS) vulnerability in the ajaxswing webui in the Management Console server in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00
x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/534527/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html
x_refsource_MISC
http://seclists.org/fulldisclosure/2015/Jan/91
mailing-list
x_refsource_FULLDISC
http://www.securityfocus.com/bid/72093
vdb-entry
x_refsource_BID
Hyperlink: http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/archive/1/534527/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html
Resource:
x_refsource_MISC
Hyperlink: http://seclists.org/fulldisclosure/2015/Jan/91
Resource:
mailing-list
x_refsource_FULLDISC
Hyperlink: http://www.securityfocus.com/bid/72093
Resource:
vdb-entry
x_refsource_BID
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/archive/1/534527/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html
x_refsource_MISC
x_transferred
http://seclists.org/fulldisclosure/2015/Jan/91
mailing-list
x_refsource_FULLDISC
x_transferred
http://www.securityfocus.com/bid/72093
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/534527/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2015/Jan/91
Resource:
mailing-list
x_refsource_FULLDISC
x_transferred
Hyperlink: http://www.securityfocus.com/bid/72093
Resource:
vdb-entry
x_refsource_BID
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secure@symantec.com
Published At:21 Jan, 2015 | 15:17
Updated At:12 Apr, 2025 | 10:46

Cross-site scripting (XSS) vulnerability in the ajaxswing webui in the Management Console server in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.03.5LOW
AV:N/AC:M/Au:S/C:N/I:P/A:N
Type: Primary
Version: 2.0
Base score: 3.5
Base severity: LOW
Vector:
AV:N/AC:M/Au:S/C:N/I:P/A:N
CPE Matches
Broadcom Inc.
broadcom
>>symantec_critical_system_protection>>5.2.9
cpe:2.3:a:broadcom:symantec_critical_system_protection:5.2.9:*:*:*:*:*:*:*
Symantec Corporation
symantec
>>data_center_security>>6.0.0
cpe:2.3:a:symantec:data_center_security:6.0.0:*:*:*:server_advanced:*:*:*
Weaknesses
CWE IDTypeSource
CWE-79Primarynvd@nist.gov
CWE ID: CWE-79
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.htmlsecure@symantec.com
N/A
http://seclists.org/fulldisclosure/2015/Jan/91secure@symantec.com
N/A
http://www.securityfocus.com/archive/1/534527/100/0/threadedsecure@symantec.com
N/A
http://www.securityfocus.com/bid/72093secure@symantec.com
N/A
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00secure@symantec.com
Vendor Advisory
http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://seclists.org/fulldisclosure/2015/Jan/91af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/archive/1/534527/100/0/threadedaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/72093af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html
Source: secure@symantec.com
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2015/Jan/91
Source: secure@symantec.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/534527/100/0/threaded
Source: secure@symantec.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/72093
Source: secure@symantec.com
Resource: N/A
Hyperlink: http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00
Source: secure@symantec.com
Resource:
Vendor Advisory
Hyperlink: http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2015/Jan/91
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/534527/100/0/threaded
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/72093
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

6349Records found
CVE-2018-6447
Matching Score-10
Assigner-Brocade Communications Systems, LLC
ShareView Details
Matching Score-10
Assigner-Brocade Communications Systems, LLC
CVSS Score-5.4||MEDIUM
EPSS-0.30% / 53.06%
||
7 Day CHG~0.00%
Published-25 Sep, 2020 | 13:06
Updated-05 Aug, 2024 | 06:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Reflective XSS Vulnerability in HTTP Management Interface in Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g could allow authenticated attackers with access to the web interface to hijack a user’s session and take over the account.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-fabric_operating_systemBrocade Fabric OS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-3029
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.51% / 65.24%
||
7 Day CHG~0.00%
Published-15 Oct, 2009 | 10:00
Updated-07 Aug, 2024 | 06:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the console in Symantec SecurityExpressions Audit and Compliance Server 4.1.1, 4.1, and earlier allows remote authenticated users to inject arbitrary web script or HTML via "external client input" that triggers crafted error messages.

Action-Not Available
Vendor-n/aSymantec Corporation
Product-securityexpressions_audit_and_compliance_servern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-6549
Matching Score-10
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-10
Assigner-Symantec - A Division of Broadcom
CVSS Score-3.5||LOW
EPSS-0.47% / 63.57%
||
7 Day CHG~0.00%
Published-03 Oct, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in an application console in the server in Symantec NetBackup OpsCenter before 7.7.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-n/aSymantec Corporation
Product-netbackup_opscentern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-2827
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.22% / 44.62%
||
7 Day CHG~0.00%
Published-08 Apr, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in CA Spectrum 9.2.x and 9.3.x before 9.3 H02 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-spectrumn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-1611
Matching Score-10
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-10
Assigner-Symantec - A Division of Broadcom
CVSS Score-3.5||LOW
EPSS-0.28% / 51.00%
||
7 Day CHG~0.00%
Published-09 May, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in administrative-interface pages in the management console in Symantec Brightmail Gateway 9.5.x allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-n/aSymantec Corporation
Product-brightmail_gatewayn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-5838
Matching Score-10
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-10
Assigner-Symantec - A Division of Broadcom
CVSS Score-4.8||MEDIUM
EPSS-0.50% / 64.80%
||
7 Day CHG~0.00%
Published-13 May, 2020 | 15:42
Updated-04 Aug, 2024 | 08:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Symantec IT Analytics, prior to 2.9.1, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can potentially enable attackers to inject client-side scripts into web pages viewed by other users.

Action-Not Available
Vendor-n/aSymantec Corporation
Product-it_analyticsIT Analytics
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-9701
Matching Score-10
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-10
Assigner-Symantec - A Division of Broadcom
CVSS Score-4.8||MEDIUM
EPSS-0.48% / 64.30%
||
7 Day CHG~0.00%
Published-19 Jun, 2019 | 15:55
Updated-04 Aug, 2024 | 21:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DLP 15.5 MP1 and all prior versions may be susceptible to a cross-site scripting (XSS) vulnerability, a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.

Action-Not Available
Vendor-n/aSymantec Corporation
Product-data_loss_preventionData Loss Prevention
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-6588
Matching Score-10
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-10
Assigner-Symantec - A Division of Broadcom
CVSS Score-5.4||MEDIUM
EPSS-0.47% / 63.62%
||
7 Day CHG~0.00%
Published-08 Jan, 2020 | 16:13
Updated-06 Aug, 2024 | 01:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Cross-Site Scripting (XSS) vulnerability exists in the ITMS workflow process manager console in Symantec IT Management Suite 8.0.

Action-Not Available
Vendor-Symantec Corporation
Product-it_management_suiteIT Management Suite
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-5305
Matching Score-10
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-10
Assigner-Symantec - A Division of Broadcom
CVSS Score-5.4||MEDIUM
EPSS-0.46% / 62.97%
||
7 Day CHG~0.00%
Published-30 Jun, 2016 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to inject arbitrary web script or HTML via a "DOM link manipulation" attack.

Action-Not Available
Vendor-n/aSymantec Corporation
Product-endpoint_protection_managern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-3652
Matching Score-10
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-10
Assigner-Symantec - A Division of Broadcom
CVSS Score-5.4||MEDIUM
EPSS-0.91% / 74.85%
||
7 Day CHG~0.00%
Published-30 Jun, 2016 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-n/aSymantec Corporation
Product-endpoint_protection_managern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-18378
Matching Score-10
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-10
Assigner-Symantec - A Division of Broadcom
CVSS Score-4.8||MEDIUM
EPSS-0.32% / 53.99%
||
7 Day CHG~0.00%
Published-11 Dec, 2019 | 15:49
Updated-05 Aug, 2024 | 01:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy.

Action-Not Available
Vendor-n/aSymantec Corporation
Product-messaging_gatewaySymantec Messaging Gateway
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-12754
Matching Score-10
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-10
Assigner-Symantec - A Division of Broadcom
CVSS Score-4.8||MEDIUM
EPSS-0.65% / 69.98%
||
7 Day CHG~0.00%
Published-29 Aug, 2019 | 22:27
Updated-04 Aug, 2024 | 23:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Symantec My VIP portal, previous version which has already been auto updated, was susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users or potentially bypass access controls such as the same-origin policy.

Action-Not Available
Vendor-Symantec Corporation
Product-vipMy VIP Portal
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-11291
Matching Score-10
Assigner-VMware by Broadcom
ShareView Details
Matching Score-10
Assigner-VMware by Broadcom
CVSS Score-3.1||LOW
EPSS-0.48% / 64.27%
||
7 Day CHG~0.00%
Published-22 Nov, 2019 | 22:56
Updated-02 Apr, 2025 | 14:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
RabbitMQ XSS attack via federation and shovel endpoints

Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints, federation and shovel, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack via the vhost or node name fields that could grant access to virtual hosts and policy management information.

Action-Not Available
Vendor-Broadcom Inc.Red Hat, Inc.VMware (Broadcom Inc.)
Product-rabbitmq_serveropenstackrabbitmqRabbitMQRabbitMQ for Pivotal Platform
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-13678
Matching Score-10
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-10
Assigner-Symantec - A Division of Broadcom
CVSS Score-4.8||MEDIUM
EPSS-0.31% / 53.77%
||
7 Day CHG~0.00%
Published-11 Apr, 2018 | 14:00
Updated-16 Sep, 2024 | 23:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stored XSS vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can inject arbitrary JavaScript code in the management console web client application.

Action-Not Available
Vendor-Broadcom Inc.Symantec Corporation
Product-advanced_secure_gatewaysymantec_proxysgProxySGAdvanced Secure Gateway (ASG)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-20868
Matching Score-6
Assigner-VMware by Broadcom
ShareView Details
Matching Score-6
Assigner-VMware by Broadcom
CVSS Score-6.1||MEDIUM
EPSS-0.15% / 36.58%
||
7 Day CHG~0.00%
Published-26 May, 2023 | 00:00
Updated-13 Aug, 2025 | 12:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NSX-T contains a reflected cross-site scripting vulnerability due to a lack of input validation. A remote attacker can inject HTML or JavaScript to redirect to malicious pages.

Action-Not Available
Vendor-n/aBroadcom Inc.VMware (Broadcom Inc.)
Product-vmware_nsx-t_data_centerNSX-T
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-0550
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.72% / 71.53%
||
7 Day CHG~0.00%
Published-15 Aug, 2011 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in the Web Interface in the Endpoint Protection Manager in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.6300 allow remote attackers to inject arbitrary web script or HTML via (1) the token parameter to portal/Help.jsp or (2) the URI in a console/apps/sepm request.

Action-Not Available
Vendor-n/aSymantec Corporation
Product-endpoint_protectionn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-0552
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.53% / 66.03%
||
7 Day CHG~0.00%
Published-02 Oct, 2011 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in the management console in Symantec IM Manager before 8.4.18 allow remote attackers to inject arbitrary web script or HTML via the (1) refreshRateSetting parameter to IMManager/Admin/IMAdminSystemDashboard.asp, the (2) nav or (3) menuitem parameter to IMManager/Admin/IMAdminTOC_simple.asp, or the (4) action parameter to IMManager/Admin/IMAdminEdituser.asp.

Action-Not Available
Vendor-n/aSymantec Corporation
Product-im_managern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-6590
Matching Score-6
Assigner-CA Technologies - A Broadcom Company
ShareView Details
Matching Score-6
Assigner-CA Technologies - A Broadcom Company
CVSS Score-6.1||MEDIUM
EPSS-0.27% / 49.69%
||
7 Day CHG~0.00%
Published-03 Aug, 2018 | 14:00
Updated-16 Sep, 2024 | 22:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CA API Developer Portal 4.x, prior to v4.2.5.3 and v4.2.7.1, has an unspecified reflected cross-site scripting vulnerability.

Action-Not Available
Vendor-Broadcom Inc.
Product-ca_api_developer_portalCA API Developer Portal
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-10257
Matching Score-6
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-6
Assigner-Symantec - A Division of Broadcom
CVSS Score-6.1||MEDIUM
EPSS-0.38% / 58.50%
||
7 Day CHG~0.00%
Published-10 Jan, 2018 | 02:00
Updated-16 Sep, 2024 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to 6.7.2.1), ProxySG 6.5 (prior to 6.5.10.6), ProxySG 6.6, and ProxySG 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10256.

Action-Not Available
Vendor-Broadcom Inc.Symantec Corporation
Product-advanced_secure_gatewaysymantec_proxysgProxySGASG
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-3036
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.75% / 72.23%
||
7 Day CHG~0.00%
Published-23 Feb, 2010 | 20:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the console in Symantec IM Manager 8.3 and 8.4 before 8.4.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-n/aSymantec Corporation
Product-im_managern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-3030
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.78% / 72.71%
||
7 Day CHG~0.00%
Published-15 Oct, 2009 | 10:00
Updated-07 Aug, 2024 | 06:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Symantec SecurityExpressions Audit and Compliance Server 4.1.1, 4.1, and earlier allows remote attackers to inject arbitrary web script or HTML via vectors that trigger an error message in a response, related to an "HTML Injection issue."

Action-Not Available
Vendor-n/aSymantec Corporation
Product-securityexpressions_audit_and_compliance_servern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-10256
Matching Score-6
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-6
Assigner-Symantec - A Division of Broadcom
CVSS Score-6.1||MEDIUM
EPSS-0.38% / 58.50%
||
7 Day CHG~0.00%
Published-10 Jan, 2018 | 02:00
Updated-17 Sep, 2024 | 00:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Symantec ProxySG 6.5 (prior to 6.5.10.6), 6.6, and 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10257.

Action-Not Available
Vendor-Broadcom Inc.Symantec Corporation
Product-symantec_proxysgProxySG
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-6449
Matching Score-6
Assigner-Brocade Communications Systems, LLC
ShareView Details
Matching Score-6
Assigner-Brocade Communications Systems, LLC
CVSS Score-6.1||MEDIUM
EPSS-0.27% / 50.16%
||
7 Day CHG~0.00%
Published-25 Sep, 2020 | 13:08
Updated-05 Aug, 2024 | 06:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Host Header Injection vulnerability in the http management interface in Brocade Fabric OS versions before v9.0.0 could allow a remote attacker to exploit this vulnerability by injecting arbitrary HTTP headers

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-fabric_operating_systemBrocade Fabric OS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-8699
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.38% / 58.50%
||
7 Day CHG+0.03%
Published-29 Jun, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in CA Release Automation (formerly LISA Release Automation) 5.0.2 before 5.0.2-227, 5.5.1 before 5.5.1-1616, 5.5.2 before 5.5.2-434, and 6.1.0 before 6.1.0-1026 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-release_automationn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2009-0063
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.72% / 71.53%
||
7 Day CHG~0.00%
Published-24 Apr, 2009 | 15:00
Updated-07 Aug, 2024 | 04:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Control Center in Symantec Brightmail Gateway Appliance before 8.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-n/aSymantec Corporation
Product-brightmail_gateway_appliancen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-18370
Matching Score-6
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-6
Assigner-Symantec - A Division of Broadcom
CVSS Score-6.1||MEDIUM
EPSS-0.25% / 48.21%
||
7 Day CHG~0.00%
Published-29 Aug, 2019 | 22:13
Updated-05 Aug, 2024 | 11:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. A stored cross-site scripting (XSS) vulnerability in the WebFTP mode allows a remote attacker to inject malicious JavaScript code in ASG/ProxySG's web listing of a remote FTP server. Exploiting the vulnerability requires the attacker to be able to upload crafted files to the remote FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2.

Action-Not Available
Vendor-Broadcom Inc.Symantec Corporation
Product-advanced_secure_gatewaysymantec_proxysgSymantec Advanced Secure Gateway (ASG)Symantec ProxySG
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-19547
Matching Score-6
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-6
Assigner-Symantec - A Division of Broadcom
CVSS Score-6.1||MEDIUM
EPSS-1.07% / 76.85%
||
7 Day CHG~0.00%
Published-13 Jan, 2020 | 15:10
Updated-05 Aug, 2024 | 02:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Symantec Endpoint Detection and Response (SEDR), prior to 4.3.0, may be susceptible to a cross site scripting (XSS) issue. XSS is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. An XSS vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy.

Action-Not Available
Vendor-Symantec CorporationFedora Project
Product-fedoraendpoint_detection_and_responseEndpoint Detection and Response (SEDR)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-13825
Matching Score-6
Assigner-CA Technologies - A Broadcom Company
ShareView Details
Matching Score-6
Assigner-CA Technologies - A Broadcom Company
CVSS Score-6.1||MEDIUM
EPSS-0.24% / 46.86%
||
7 Day CHG~0.00%
Published-30 Aug, 2018 | 14:00
Updated-17 Sep, 2024 | 03:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient input validation in the gridExcelExport functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute reflected cross-site scripting attacks.

Action-Not Available
Vendor-Broadcom Inc.
Product-project_portfolio_managementPPM
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-18362
Matching Score-6
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-6
Assigner-Symantec - A Division of Broadcom
CVSS Score-6.1||MEDIUM
EPSS-0.43% / 61.75%
||
7 Day CHG~0.00%
Published-06 Dec, 2018 | 19:00
Updated-05 Aug, 2024 | 11:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Norton Password Manager for Android (formerly Norton Identity Safe) may be susceptible to a cross site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy.

Action-Not Available
Vendor-Symantec Corporation
Product-norton_password_managerNorton Password Manager
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-9649
Matching Score-6
Assigner-Canonical Ltd.
ShareView Details
Matching Score-6
Assigner-Canonical Ltd.
CVSS Score-4.3||MEDIUM
EPSS-0.32% / 54.29%
||
7 Day CHG~0.00%
Published-27 Jan, 2015 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the path info to api/, which is not properly handled in an error message.

Action-Not Available
Vendor-n/aVMware (Broadcom Inc.)Broadcom Inc.
Product-rabbitmq_servern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-9230
Matching Score-6
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-6
Assigner-Symantec - A Division of Broadcom
CVSS Score-4.3||MEDIUM
EPSS-0.61% / 68.76%
||
7 Day CHG~0.00%
Published-28 Jun, 2015 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the administration console in the Enforce Server in Symantec Data Loss Prevention (DLP) before 12.5.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-n/aSymantec Corporation
Product-data_loss_preventionn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-8247
Matching Score-6
Assigner-CERT/CC
ShareView Details
Matching Score-6
Assigner-CERT/CC
CVSS Score-4.3||MEDIUM
EPSS-1.22% / 78.29%
||
7 Day CHG~0.00%
Published-16 Dec, 2014 | 23:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-release_automationn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-12246
Matching Score-6
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-6
Assigner-Symantec - A Division of Broadcom
CVSS Score-6.1||MEDIUM
EPSS-0.37% / 57.86%
||
7 Day CHG~0.00%
Published-22 Oct, 2018 | 19:00
Updated-16 Sep, 2024 | 22:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Symantec Web Isolation (WI) 1.11 prior to 1.11.21 is susceptible to a reflected cross-site scripting (XSS) vulnerability. A remote attacker can target end users protected by WI with social engineering attacks using crafted URLs for legitimate web sites. A successful attack allows injecting malicious JavaScript code into the website's rendered copy running inside the end user's web browser. It does not allow injecting code into the real (isolated) copy of the website running on the WI Threat Isolation Engine.

Action-Not Available
Vendor-Symantec Corporation
Product-web_isolationSymantec Web Isolation
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-3432
Matching Score-6
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-6
Assigner-Symantec - A Division of Broadcom
CVSS Score-4.3||MEDIUM
EPSS-0.61% / 68.64%
||
7 Day CHG~0.00%
Published-27 Jun, 2014 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the management console in Symantec Data Insight 3.x and 4.x before 4.5 allows remote attackers to inject arbitrary web script or HTML via an unspecified form field.

Action-Not Available
Vendor-n/aSymantec Corporation
Product-data_insightn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-3433
Matching Score-6
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-6
Assigner-Symantec - A Division of Broadcom
CVSS Score-4.3||MEDIUM
EPSS-0.45% / 62.65%
||
7 Day CHG~0.00%
Published-27 Jun, 2014 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the management console in Symantec Data Insight 3.x and 4.x before 4.5 allows remote attackers to inject arbitrary web script or HTML via an unspecified form field, related to an "HTML script injection" issue.

Action-Not Available
Vendor-n/aSymantec Corporation
Product-data_insightn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-3438
Matching Score-6
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-6
Assigner-Symantec - A Division of Broadcom
CVSS Score-4.3||MEDIUM
EPSS-16.18% / 94.55%
||
7 Day CHG~0.00%
Published-07 Nov, 2014 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in console interface scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-n/aSymantec Corporation
Product-endpoint_protection_managern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-12241
Matching Score-6
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-6
Assigner-Symantec - A Division of Broadcom
CVSS Score-6.1||MEDIUM
EPSS-0.37% / 57.86%
||
7 Day CHG~0.00%
Published-27 Nov, 2018 | 18:00
Updated-05 Aug, 2024 | 08:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Symantec Security Analytics (SA) 7.x prior to 7.3.4 Web UI is susceptible to a reflected cross-site scripting (XSS) vulnerability. A remote attacker with knowledge of the SA web UI hostname or IP address can craft a malicious URL for the SA web UI and target SA web UI users with phishing attacks or other social engineering techniques. A successful attack allows injecting malicious JavaScript code into the SA web UI client application.

Action-Not Available
Vendor-Symantec Corporation
Product-security_analyticsSymantec Security Analytics (SA)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-1652
Matching Score-6
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-6
Assigner-Symantec - A Division of Broadcom
CVSS Score-2.3||LOW
EPSS-0.53% / 66.42%
||
7 Day CHG~0.00%
Published-18 Jun, 2014 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in the management console in Symantec Web Gateway (SWG) before 5.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified report parameters.

Action-Not Available
Vendor-n/aSymantec Corporation
Product-web_gatewayn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-1648
Matching Score-6
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-6
Assigner-Symantec - A Division of Broadcom
CVSS Score-4.3||MEDIUM
EPSS-0.53% / 66.03%
||
7 Day CHG~0.00%
Published-23 Apr, 2014 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in brightmail/setting/compliance/DlpConnectFlow$view.flo in the management console in Symantec Messaging Gateway 10.x before 10.5.2 allows remote attackers to inject arbitrary web script or HTML via the displayTab parameter.

Action-Not Available
Vendor-n/aSymantec Corporation
Product-messaging_gatewayn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-37790
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.14% / 34.64%
||
7 Day CHG~0.00%
Published-08 Nov, 2023 | 00:00
Updated-04 Sep, 2024 | 15:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jaspersoft Clarity PPM version 14.3.0.298 was discovered to contain an arbitrary file upload vulnerability via the Profile Picture Upload function.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-clarityn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2008-4119
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.76% / 72.29%
||
7 Day CHG~0.00%
Published-27 Sep, 2008 | 00:00
Updated-07 Aug, 2024 | 10:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in CA Service Desk 11.2 and CMDB 11.0 through 11.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "multiple web forms."

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-cmdbservice_deskn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-5968
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.30% / 52.65%
||
7 Day CHG~0.00%
Published-29 Oct, 2013 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in CA SiteMinder 12.0 through 12.51, and SiteMinder 6 Web Agents, allows remote attackers to inject arbitrary web script or HTML via vectors involving a " (double quote) character.

Action-Not Available
Vendor-n/aCA Technologies (Broadcom Inc.)Broadcom Inc.
Product-web_agentssitemindern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-4674
Matching Score-6
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-6
Assigner-Symantec - A Division of Broadcom
CVSS Score-4.3||MEDIUM
EPSS-0.39% / 59.03%
||
7 Day CHG~0.00%
Published-31 Jul, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Web Email Protection component in Symantec Encryption Management Server (formerly Symantec PGP Universal Server) before 3.3.0 MP2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted encrypted e-mail attachment.

Action-Not Available
Vendor-n/aSymantec Corporation
Product-pgp_universal_serverencryption_management_servern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-4670
Matching Score-6
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-6
Assigner-Symantec - A Division of Broadcom
CVSS Score-4.3||MEDIUM
EPSS-1.01% / 76.21%
||
7 Day CHG~0.00%
Published-31 Jul, 2013 | 15:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-n/aSymantec Corporation
Product-web_gateway_appliance_8490web_gateway_appliance_8450web_gatewayn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-22243
Matching Score-6
Assigner-VMware by Broadcom
ShareView Details
Matching Score-6
Assigner-VMware by Broadcom
CVSS Score-7.5||HIGH
EPSS-0.04% / 10.56%
||
7 Day CHG~0.00%
Published-04 Jun, 2025 | 19:31
Updated-14 Jul, 2025 | 17:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware NSX Manager UI is vulnerable to a stored Cross-Site Scripting (XSS) attack due to improper input validation.

Action-Not Available
Vendor-Broadcom Inc.VMware (Broadcom Inc.)
Product-vmware_nsxcloud_foundationtelco_cloud_platformtelco_cloud_infrastructureVMware NSX
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-22244
Matching Score-6
Assigner-VMware by Broadcom
ShareView Details
Matching Score-6
Assigner-VMware by Broadcom
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 12.67%
||
7 Day CHG~0.00%
Published-04 Jun, 2025 | 19:32
Updated-14 Jul, 2025 | 17:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the gateway firewall due to improper input validation.

Action-Not Available
Vendor-Broadcom Inc.VMware (Broadcom Inc.)
Product-vmware_nsxcloud_foundationtelco_cloud_platformtelco_cloud_infrastructureVMware NSX
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-5013
Matching Score-6
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-6
Assigner-Symantec - A Division of Broadcom
CVSS Score-4.3||MEDIUM
EPSS-0.61% / 68.64%
||
7 Day CHG~0.00%
Published-11 Feb, 2014 | 02:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in the management console on the Symantec Web Gateway (SWG) appliance before 5.2 allow remote attackers to inject arbitrary web script or HTML via (1) vectors involving PHP scripts and (2) unspecified other vectors.

Action-Not Available
Vendor-n/aSymantec Corporation
Product-web_gatewayn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-22245
Matching Score-6
Assigner-VMware by Broadcom
ShareView Details
Matching Score-6
Assigner-VMware by Broadcom
CVSS Score-5.9||MEDIUM
EPSS-0.04% / 10.12%
||
7 Day CHG~0.00%
Published-04 Jun, 2025 | 19:32
Updated-14 Jul, 2025 | 17:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the router port due to improper input validation.

Action-Not Available
Vendor-Broadcom Inc.VMware (Broadcom Inc.)
Product-vmware_nsxcloud_foundationtelco_cloud_platformtelco_cloud_infrastructureVMware NSX
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-2630
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 45.20%
||
7 Day CHG~0.00%
Published-31 Jul, 2013 | 10:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in CA Service Desk Manager 12.5 through 12.7 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

Action-Not Available
Vendor-n/aBroadcom Inc.
Product-service_desk_managern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-1614
Matching Score-6
Assigner-Symantec - A Division of Broadcom
ShareView Details
Matching Score-6
Assigner-Symantec - A Division of Broadcom
CVSS Score-4.3||MEDIUM
EPSS-0.35% / 56.65%
||
7 Day CHG~0.00%
Published-08 Jul, 2013 | 17:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in the management console (aka Java console) on the Symantec Security Information Manager (SSIM) appliance 4.7.x and 4.8.x before 4.8.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-n/aSymantec Corporation
Product-security_information_managersecurity_information_manager_appliancen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 126
  • 127
  • Next
Details not found