CVE-2014-3433

Name of the Vulnerable Software and Affected Versions Symantec Data Insight versions 3.x through 4.x before 4.5

Description A cross-site scripting (XSS) issue exists in the management console, allowing remote attackers to inject arbitrary web script or HTML via an unspecified form field. This is related to an "HTML script injection" issue.

Recommendations For Symantec Data Insight versions 3.x through 4.x before 4.5, update to version 4.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the management console to minimize the risk of exploitation.