CVE-2009-1428

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

4.3MEDIUM

EPSS

1.4%

top 19.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Symantec Antivirus Symantec Endpoint Protection Symantec Norton 360 +1 more

Timeline

PublishedApr 29

Latest updateMay 2

Description

Multiple cross-site scripting (XSS) vulnerabilities in ccLgView.exe in the Symantec Log Viewer, as used in Symantec AntiVirus (SAV) before 10.1 MR8, Symantec Endpoint Protection (SEP) 11.0 before 11.0 MR1, Norton 360 1.0, and Norton Internet Security 2005 through 2008, allow remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, related to "two parsing errors."

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages4 packages

▶NVDsymantec/norton_internet_security5 versions+4

▶NVDsymantec/norton_3601.0

▶NVDsymantec/endpoint_protection11.0

▶NVDsymantec/antivirus10.1+13

🔴Vulnerability Details

GHSA

GHSA-xfqv-xv6x-g6g8: Multiple cross-site scripting (XSS) vulnerabilities in ccLgView↗2022-05-02

▶

CVEList

CVE-2009-1428: Multiple cross-site scripting (XSS) vulnerabilities in ccLgView↗2009-04-29

▶