CVE-2016-3652

Name of the Vulnerable Software and Affected Versions Symantec Endpoint Protection Manager versions prior to 12.1 RU6 MP5

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities in management scripts. These vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations For Symantec Endpoint Protection Manager versions prior to 12.1 RU6 MP5, update to version 12.1 RU6 MP5 or later to resolve the issue. As a temporary workaround, consider restricting access to the management scripts to minimize the risk of exploitation.