Vulnerability Name: CVE-2016-3652 (CCN-114605)
Assigned: 2016-06-28
Published: 2016-06-28
Updated: 2017-09-03
Summary: Multiple cross-site scripting (XSS) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVSS v3 Severity:
  5.4 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
  4.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C)
  5.3 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C)
CVSS v2 Severity:
  3.5 Low (CVSS v2 Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N)
Vulnerability Type: CWE-79
Vulnerability Consequences: Cross-Site Scripting
References:
  Source: MITRE Type: CNA CVE-2016-3652
  Source: BID Type: UNKNOWN 91444
  Source: CCN Type: BID-91444 Symantec Endpoint Protection Manager and Client Multiple Cross Site Scripting Vulnerabilities
  Source: SECTRACK Type: UNKNOWN 1036196
  Source: XF Type: UNKNOWN symantec-cve20163652-xss(114605)
  Source: CCN Type: Packet Storm Security [06-30-2016] Symantec Endpoint Protection 12.1 CSRF / XSS / Open Redirect
  Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [06-29-2016]
  Source: EXPLOIT-DB Type: UNKNOWN 40041
  Source: CCN Type: Symantec Security Advisory SYM16-011 Symantec Endpoint Protection Manager Multiple Security Issues
  Source: CONFIRM Type: Vendor Advisory https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_01
Vulnerable Configuration: Configuration 1: Configuration CCN 1: Denotes that component is vulnerable