CVE-2018-12246

Name of the Vulnerable Software and Affected Versions Symantec Web Isolation (WI) versions 1.11 through 1.11.20

Description The issue allows a remote attacker to target end users with social engineering attacks using crafted URLs for legitimate websites, potentially injecting malicious JavaScript code into the website's rendered copy running inside the end user's web browser. This does not affect the real (isolated) copy of the website running on the WI Threat Isolation Engine. The vulnerability exists due to inadequate protection of the web page structure, which can be exploited by a remote attacker to inject arbitrary code into a loaded web page using a specially formed URI address.

Recommendations For Symantec Web Isolation (WI) versions 1.11 through 1.11.20, update to version 1.11.21 or later to resolve the issue.