{"api_version":"1","generated_at":"2026-04-23T11:59:40+00:00","cve":"CVE-2014-9230","urls":{"html":"https://cve.report/CVE-2014-9230","api":"https://cve.report/api/cve/CVE-2014-9230.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2014-9230","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2014-9230"},"summary":{"title":"CVE-2014-9230","description":"Cross-site scripting (XSS) vulnerability in the administration console in the Enforce Server in Symantec Data Loss Prevention (DLP) before 12.5.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.","state":"PUBLIC","assigner":"secure@symantec.com","published_at":"2015-06-28 19:59:00","updated_at":"2017-09-22 01:29:00"},"problem_types":["CWE-79"],"metrics":[],"references":[{"url":"http://www.securityfocus.com/bid/75288","name":"75288","refsource":"BID","tags":[],"title":"Symantec Data Loss Prevention CVE-2014-9230 Multiple HTML Injection Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150622_00","name":"http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150622_00","refsource":"CONFIRM","tags":["Vendor Advisory"],"title":"Security Advisories Relating to Symantec Products - Symantec Data Loss Prevention Enforce Server Administration Console Cross-site Scripting, Cross-site Request Forgery Issues - 2015-06-22T10:15:56 PDT\n\t| Symantec","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id/1032710","name":"1032710","refsource":"SECTRACK","tags":[],"title":"Symantec Data Loss Prevention Enforce Server Input Validation Flaws Permit Cross-Site Scripting and Cross-Site Request Forgery Attacks - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2014-9230","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-9230","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2014","cve_id":"9230","vulnerable":"1","versionEndIncluding":"12.5.1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"symantec","cpe5":"data_loss_prevention","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"secure@symantec.com","ID":"CVE-2014-9230","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Cross-site scripting (XSS) vulnerability in the administration console in the Enforce Server in Symantec Data Loss Prevention (DLP) before 12.5.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"75288","refsource":"BID","url":"http://www.securityfocus.com/bid/75288"},{"name":"1032710","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1032710"},{"name":"http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150622_00","refsource":"CONFIRM","url":"http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150622_00"}]}},"nvd":{"publishedDate":"2015-06-28 19:59:00","lastModifiedDate":"2017-09-22 01:29:00","problem_types":["CWE-79"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:symantec:data_loss_prevention:*:*:*:*:*:*:*:*","versionEndIncluding":"12.5.1","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2014","CveId":"9230","Ordinal":"76649","Title":"CVE-2014-9230","CVE":"CVE-2014-9230","Year":"2014"},"notes":[{"CveYear":"2014","CveId":"9230","Ordinal":"1","NoteData":"Cross-site scripting (XSS) vulnerability in the administration console in the Enforce Server in Symantec Data Loss Prevention (DLP) before 12.5.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.","Type":"Description","Title":null},{"CveYear":"2014","CveId":"9230","Ordinal":"2","NoteData":"2015-06-28","Type":"Other","Title":"Published"},{"CveYear":"2014","CveId":"9230","Ordinal":"3","NoteData":"2017-09-21","Type":"Other","Title":"Modified"}]}}}