CVE-2018-18362

CWE-79 — Cross-site Scripting (XSS)5 documents4 sources

Severity

6.1MEDIUM

EPSS

0.4%

top 37.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Symantec Norton Password Manager Symantec Corporation Norton Password Manager

Timeline

PublishedDec 6

Latest updateMar 25

Description

Norton Password Manager for Android (formerly Norton Identity Safe) may be susceptible to a cross site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDsymantec/norton_password_manager< 6.1.0.1045

▶CVEListV5symantec_corporation/norton_password_managerPrior to 6.1.0.1045

🔴Vulnerability Details

GHSA

GHSA-c6q8-mrx8-v92f: Norton Password Manager for Android (formerly Norton Identity Safe) may be susceptible to a cross site scripting (XSS) exploit, which is a type of iss↗2022-05-14

▶

CVEList

CVE-2018-18362: Norton Password Manager for Android (formerly Norton Identity Safe) may be susceptible to a cross site scripting (XSS) exploit, which is a type of iss↗2018-12-06

▶

💥Exploits & PoCs

Exploit-DB

System Mechanic v15.5.0.61 - Arbitrary Read/Write↗2023-03-25

▶

Exploit-DB

Tautulli 2.1.9 - Cross-Site Request Forgery (ShutDown)↗2019-12-18

▶