CVE-2009-3030

Name of the Vulnerable Software and Affected Versions: Symantec SecurityExpressions Audit and Compliance Server versions 4.1.1, 4.1, and earlier

Description: The issue is related to a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML. This is achieved via vectors that trigger an error message in a response, which is also described as an "HTML Injection issue."

Recommendations: For Symantec SecurityExpressions Audit and Compliance Server versions 4.1.1, 4.1, and earlier, update to a version that is not affected by this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.