CVE-2014-9230
Summary
| CVE | CVE-2014-9230 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2015-06-28 19:59:00 UTC |
| Updated | 2017-09-22 01:29:00 UTC |
| Description | Cross-site scripting (XSS) vulnerability in the administration console in the Enforce Server in Symantec Data Loss Prevention (DLP) before 12.5.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Symantec | Data Loss Prevention | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Symantec Data Loss Prevention CVE-2014-9230 Multiple HTML Injection Vulnerabilities | BID | www.securityfocus.com | |
| Security Advisories Relating to Symantec Products - Symantec Data Loss Prevention Enforce Server Administration Console Cross-site Scripting, Cross-site Request Forgery Issues - 2015-06-22T10:15:56 PDT | Symantec | CONFIRM | www.symantec.com | Vendor Advisory |
| Symantec Data Loss Prevention Enforce Server Input Validation Flaws Permit Cross-Site Scripting and Cross-Site Request Forgery Attacks - SecurityTracker | SECTRACK | www.securitytracker.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.