Symantec IM Manager Console Cross Site Scripting Vulnerability Network Vulnerability

Summary

This host is installed with Symantec IM Manager and is prone to Cross Site Scripting vulnerability.

Impact

Successful exploitation allows attackers to execute arbitrary script code. Impact Level: Application

Solution

Update to Symantec IM Manager version 8.4.13 For updates refer to http://www.symantec.com/business/im-manager

Insight

The flaw is caused due input validation error in the 'management console', which fails to properly filter/validate external input from non-privileged users with authorized access to the console.

Affected

Symantec IM Manager version 8.3 and 8.4 before 8.4.13

References

http://secunia.com/advisories/38672
http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2010&suid=20100218_00
http://www.vupen.com/english/advisories/2010/0438

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-3036

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Rave User Information Disclosure Vulnerability
Apache Struts Directory Traversal Vulnerability
Andromeda Streaming MP3 Server Cross Site Scripting Vulnerability
Aker Secure Mail Gateway Cross-Site Scripting Vulnerability
Apache Archiva Home Page Cross-Site Scripting vulnerability

Take action and discover your vulnerabilities