• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Multiple Symantec Products Log Viewer Multiple Script Injection Vulnerabilities

Multiple Symantec products are prone to multiple script-injection vulnerabilities because the applications fail to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

These issues affect the following products:

Norton 360 1.0
Norton Internet Security 2005 through 2008
Symantec AntiVirus 9.0MR6 and earlier
Symantec AntiVirus 10.1 MR7 and earlier
Symantec AntiVirus 10.2 MR1 and earlier
Symantec Endpoint Protection 11.0
Symantec Client Security 2.0 MR6 and earlier
Symantec Client Security 3.1 MR7 and earlier

http://drupal.org/node/207891