Arbitrary Web Script Injection in Symantec Critical System Protection and Data Center Security

Arbitrary Web Script Injection in Symantec Critical System Protection and Data Center Security

CVE-2014-9224 · LOW Severity

AV:N/AC:M/AU:S/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in the ajaxswing webui in the Management Console server in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Learn more about our Web App Pen Testing.