Vulnerability Description
Cross-site scripting (XSS) vulnerability in the management login GUI page in Symantec LiveUpdate Administrator (LUA) before 2.3 allows remote attackers to inject arbitrary web script or HTML via the username field, as demonstrated by injecting an IFRAME element into the event log, a different vulnerability than CVE-2011-0545.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Symantec | Liveupdate Administrator | <= 2.2.2.9 |
Related Weaknesses (CWE)
References
- http://securityreason.com/securityalert/8166
- http://securitytracker.com/id?1025242Exploit
- http://sotiriu.de/adv/NSOADV-2011-001.txtExploit
- http://www.exploit-db.com/exploits/17026Exploit
- http://www.securityfocus.com/archive/1/517109/100/0/threaded
- http://www.securityfocus.com/bid/46856Exploit
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securit
- http://www.vupen.com/english/advisories/2011/0727Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66213
- http://securityreason.com/securityalert/8166
- http://securitytracker.com/id?1025242Exploit
- http://sotiriu.de/adv/NSOADV-2011-001.txtExploit
- http://www.exploit-db.com/exploits/17026Exploit
- http://www.securityfocus.com/archive/1/517109/100/0/threaded
- http://www.securityfocus.com/bid/46856Exploit
FAQ
What is CVE-2011-1524?
CVE-2011-1524 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in the management login GUI page in Symantec LiveUpdate Administrator (LUA) before 2.3 allows remote attackers to inject arbitrary web script or HTML via the u...
How severe is CVE-2011-1524?
CVE-2011-1524 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-1524?
Check the references section above for vendor advisories and patch information. Affected products include: Symantec Liveupdate Administrator.