Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2014-9224

CWE-79 — Cross-site Scripting (XSS)4 documents4 sources

Severity

3.5LOW

EPSS

4.0%

top 11.59%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Broadcom Symantec Critical System Protection Symantec Data Center Security

Timeline

PublishedJan 21

Latest updateMay 13

Description

Cross-site scripting (XSS) vulnerability in the ajaxswing webui in the Management Console server in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages2 packages

▶NVDsymantec/data_center_security6.0.0

▶NVDbroadcom/symantec_critical_system_protection5.2.9

🔴Vulnerability Details

GHSA

GHSA-4jgr-5qw5-7m4m: Cross-site scripting (XSS) vulnerability in the ajaxswing webui in the Management Console server in the management server in Symantec Critical System↗2022-05-13

▶

CVEList

CVE-2014-9224: Cross-site scripting (XSS) vulnerability in the ajaxswing webui in the Management Console server in the management server in Symantec Critical System↗2015-01-21

▶

💥Exploits & PoCs

Exploit-DB

Symantec Data Center Security - Multiple Vulnerabilities↗2015-01-26

▶