Summary
This host is installed with Symantec IM Manager and is prone to Cross Site Scripting vulnerability.
Impact
Successful exploitation allows attackers to execute arbitrary script code.
Impact Level: Application
Solution
Update to Symantec IM Manager version 8.4.13
For updates refer to http://www.symantec.com/business/im-manager
Insight
The flaw is caused due input validation error in the 'management console', which fails to properly filter/validate external input from non-privileged users with authorized access to the console.
Affected
Symantec IM Manager version 8.3 and 8.4 before 8.4.13
References
Severity
Classification
-
CVE CVE-2009-3036 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Adobe ColdFusion Multiple Full Path Disclosure Vulnerabilities
- Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
- Apache Tomcat TroubleShooter Servlet Installed
- Apache Struts Cross Site Scripting Vulnerability
- Allegro RomPager HTTP Referer Header Cross Site Scripting Vulnerability