Symantec Norton Password Manager for Android CVE-2018-18362 Local Cross Site Scripting Vulnerability
BID:106055
CVE-2018-18362 |Info
Symantec Norton Password Manager for Android CVE-2018-18362 Local Cross Site Scripting Vulnerability
| Bugtraq ID: | 106055 |
| Class: | Input Validation Error |
| CVE: |
CVE-2018-18362 |
| Remote: | No |
| Local: | Yes |
| Published: | Dec 06 2018 12:00AM |
| Updated: | Dec 06 2018 12:00AM |
| Credit: | Luigi Gubello <[email protected]> |
| Vulnerable: |
Symantec Norton Password Manager 6.0 |
| Not Vulnerable: |
Symantec Norton Password Manager 6.1.0.1045 |
Discussion
Symantec Norton Password Manager for Android CVE-2018-18362 Local Cross Site Scripting Vulnerability
Symantec Norton Password Manager for Android is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
Successful exploits will result in the execution of arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Versions prior to Symantec Norton Password Manager for Android 6.1.0.1045 are vulnerable.
Symantec Norton Password Manager for Android is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
Successful exploits will result in the execution of arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Versions prior to Symantec Norton Password Manager for Android 6.1.0.1045 are vulnerable.
Exploit / POC
Symantec Norton Password Manager for Android CVE-2018-18362 Local Cross Site Scripting Vulnerability
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Symantec Norton Password Manager for Android CVE-2018-18362 Local Cross Site Scripting Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
Symantec Norton Password Manager for Android CVE-2018-18362 Local Cross Site Scripting Vulnerability
References:
References:
- Symantec Homepage (Symantec)
- SYMSA1470: Norton Password Manager XSS (Symantec)