E19-0y6t1
CVSS: 3.5 (AV:N/AC:M/Au:S/C:N/I:P/A:N)
False Positive: f
Variants: 1
Year: 2019
Description
This strike simulates a stored XSS attack on Symantec DLP 15.5 MP1. The flaw exists in the /ProtectManager/enforce/admin/senderrecipientpatterns/list endpoint due to a lack of sanitization of the name parameter. An authenticated attacker who exploits it successfully is thus able to gain control of the victim's browser.