CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2009-3030
https://notcve.org/view.php?id=CVE-2009-3030
Cross-site scripting (XSS) vulnerability in Symantec SecurityExpressions Audit and Compliance Server 4.1.1, 4.1, and earlier allows remote attackers to inject arbitrary web script or HTML via vectors that trigger an error message in a response, related to an "HTML Injection issue." Vulnerabilidad de Ejecución de secuencias de comandos en sitios cruzados (XSS) en Symantec SecurityExpressions Audit y Compliance Server v4.1.1, v4.1 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores que desencadenan un mensaje de error en una respuesta, relacionada con una "incidencia de inyección HTML". • http://secunia.com/advisories/36972 http://securitytracker.com/id?1022989 http://www.osvdb.org/58650 http://www.securityfocus.com/bid/36571 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20091006_00 http://www.vupen.com/english/advisories/2009/2849 https://exchange.xforce.ibmcloud.com/vulnerabilities/53669 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.5EPSS: 0%CPEs: 2EXPL: 0CVE-2009-3029
https://notcve.org/view.php?id=CVE-2009-3029
Cross-site scripting (XSS) vulnerability in the console in Symantec SecurityExpressions Audit and Compliance Server 4.1.1, 4.1, and earlier allows remote authenticated users to inject arbitrary web script or HTML via "external client input" that triggers crafted error messages. Ejecución de comandos en sitios cruzados (XSS) en la consola de Symantec SecurityExpressions Audit y Compliance Server v4.1.1, v4.1 y anteriores permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML a través de la "entrada de clientes externos" lo cual provoca mensajes de error manipulados. • http://secunia.com/advisories/36972 http://securitytracker.com/id?1022989 http://www.osvdb.org/58651 http://www.securityfocus.com/bid/36570 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20091006_00 http://www.vupen.com/english/advisories/2009/2849 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •