CVE-2011-0550

Name of the Vulnerable Software and Affected Versions Symantec Endpoint Protection versions 11.0.600x through 11.0.6300

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the Web Interface of the Endpoint Protection Manager. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. Specifically, the vulnerabilities can be exploited via the token parameter to "portal/Help.jsp" or the URI in a "console/apps/sepm" request.

Recommendations For Symantec Endpoint Protection versions 11.0.600x through 11.0.6300, consider restricting access to the Web Interface until a fix is available. As a temporary workaround, avoid using the token parameter in the "portal/Help.jsp" endpoint and restrict the URI in "console/apps/sepm" requests to minimize the risk of exploitation.