CVE-2024-38493Cross-site Scripting in Symantec Privileged Access Management

CWE-79Cross-site Scripting3 documents3 sources
Severity
6.8MEDIUMNVD
EPSS
0.1%
top 74.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Broadcom Symantec Privileged Access Management
Timeline
PublishedJul 15

Description

A reflected cross-site scripting (XSS) vulnerability exists in the PAM UI web interface. A remote attacker able to convince a PAM user to click on a specially crafted link to the PAM UI web interface could potentially execute arbitrary client-side code in the context of PAM UI.

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:L/SA:L

Affected Packages2 packages

CVEListV5broadcom/symantec_privileged_access_management3.4.6, 4.1.0 - 4.1.7+1

🔴Vulnerability Details

2
CVEList
Symantec Privileged Access Manager Reflected Cross Site Scripting vulnerability2024-07-15
GHSA
GHSA-jm8h-r9wg-2qjw: A reflected cross-site scripting (XSS) vulnerability exists in the PAM UI web interface2024-07-15
CVE-2024-38493 — Cross-site Scripting | cvebase