CVE-2011-1524

Name of the Vulnerable Software and Affected Versions Symantec LiveUpdate Administrator (LUA) versions prior to 2.3

Description A cross-site scripting (XSS) issue exists in the management login GUI page, allowing remote attackers to inject arbitrary web script or HTML via the username field. This can be demonstrated by injecting an IFRAME element into the event log.

Recommendations For versions prior to 2.3, update to version 2.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the management login GUI page to minimize the risk of exploitation. Avoid using the username field in the affected login page until the issue is resolved.