CVE-2009-3029

Name of the Vulnerable Software and Affected Versions: Symantec SecurityExpressions Audit and Compliance Server versions 4.1.1, 4.1, and earlier

Description: The issue is related to a cross-site scripting (XSS) vulnerability in the console. This vulnerability allows remote authenticated users to inject arbitrary web script or HTML via external client input that triggers crafted error messages.

Recommendations: For Symantec SecurityExpressions Audit and Compliance Server versions 4.1.1, 4.1, and earlier, consider restricting access to the console to minimize the risk of exploitation until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.