CVE-2009-3030

Cross-site scripting (XSS) vulnerability in Symantec SecurityExpressions Audit and Compliance Server 4.1.1, 4.1, and earlier allows remote attackers to inject arbitrary web script or HTML via vectors that trigger an error message in a response, related to an "HTML Injection issue."
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 72%
VendorProductVersion
symantecsecurityexpressions_audit_and_compliance_server
𝑥
≤ 4.1.1
symantecsecurityexpressions_audit_and_compliance_server
4.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/36972
http://securitytracker.com/id?1022989
http://www.osvdb.org/58650
http://www.securityfocus.com/bid/36571
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20091006_00
http://www.vupen.com/english/advisories/2009/2849
https://exchange.xforce.ibmcloud.com/vulnerabilities/53669
http://secunia.com/advisories/36972
http://securitytracker.com/id?1022989
http://www.osvdb.org/58650
http://www.securityfocus.com/bid/36571
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20091006_00
http://www.vupen.com/english/advisories/2009/2849
https://exchange.xforce.ibmcloud.com/vulnerabilities/53669