{ "id": "CVE-2014-9224", "sourceIdentifier": "secure@symantec.com", "published": "2015-01-21T15:17:05.747", "lastModified": "2025-04-12T10:46:40.837", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the ajaxswing webui in the Management Console server in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad XSS en la WebUI ajaxswing en el servidor Management Console en la administraci\u00f3n del servidor en Symantec Critical System Protection (SCSP) 5.2.9 a trav\u00e9s de MP6 y Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x a trav\u00e9s 6.0 MP1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados." } ], "metrics": { "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "baseScore": 3.5, "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "SINGLE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE" }, "baseSeverity": "LOW", "exploitabilityScore": 6.8, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-79" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:broadcom:symantec_critical_system_protection:5.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "4376B4E1-D8F4-4637-A884-B67DB2856976" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:symantec:data_center_security:6.0.0:*:*:*:server_advanced:*:*:*", "matchCriteriaId": "6D34F7FE-41FE-4C25-A680-E968AF454770" } ] } ] } ], "references": [ { "url": "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html", "source": "secure@symantec.com" }, { "url": "http://seclists.org/fulldisclosure/2015/Jan/91", "source": "secure@symantec.com" }, { "url": "http://www.securityfocus.com/archive/1/534527/100/0/threaded", "source": "secure@symantec.com" }, { "url": "http://www.securityfocus.com/bid/72093", "source": "secure@symantec.com" }, { "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00", "source": "secure@symantec.com", "tags": [ "Vendor Advisory" ] }, { "url": "http://packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.html", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://seclists.org/fulldisclosure/2015/Jan/91", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.securityfocus.com/archive/1/534527/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.securityfocus.com/bid/72093", "source": "af854a3a-2127-422b-91ae-364da2661108" }, { "url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150119_00", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ] } ] }