CVE-2011-0552

Name of the Vulnerable Software and Affected Versions Symantec IM Manager versions prior to 8.4.18

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the management console. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via specific parameters, including the refreshRateSetting parameter to "IMManager/Admin/IMAdminSystemDashboard.asp", the nav or menuitem parameter to "IMManager/Admin/IMAdminTOC simple.asp", or the action parameter to "IMManager/Admin/IMAdminEdituser.asp".

Recommendations For Symantec IM Manager versions prior to 8.4.18, update to version 8.4.18 or later to resolve the issue. As a temporary workaround, consider restricting access to the management console and avoiding the use of the vulnerable parameters refreshRateSetting, nav, menuitem, and action in the affected API endpoints until the issue is resolved.