Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-1524

CWE-79Cross-site Scripting (XSS)4 documents4 sources
Severity
4.3MEDIUM
EPSS
20.5%
top 4.43%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Symantec Liveupdate Administrator
Timeline
PublishedMar 28
Latest updateMay 14

Description

Cross-site scripting (XSS) vulnerability in the management login GUI page in Symantec LiveUpdate Administrator (LUA) before 2.3 allows remote attackers to inject arbitrary web script or HTML via the username field, as demonstrated by injecting an IFRAME element into the event log, a different vulnerability than CVE-2011-0545.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-v8rv-j5gp-8rx6: Cross-site scripting (XSS) vulnerability in the management login GUI page in Symantec LiveUpdate Administrator (LUA) before 22022-05-14
CVEList
CVE-2011-1524: Cross-site scripting (XSS) vulnerability in the management login GUI page in Symantec LiveUpdate Administrator (LUA) before 22011-03-28

💥Exploits & PoCs

1
Exploit-DB
Symantec LiveUpdate Administrator Management GUI - HTML Injection2011-03-23
CVE-2011-1524 (MEDIUM CVSS 4.3) | Cross-site scripting (XSS) vulnerab | cvebase.io