CVE-2014-9224

Name of the Vulnerable Software and Affected Versions Symantec Critical System Protection (SCSP) versions 5.2.9 through MP6 Symantec Data Center Security: Server Advanced (SDCS:SA) versions 6.0.x through 6.0 MP1

Description A cross-site scripting (XSS) issue exists in the ajaxswing webui component of the Management Console server. This allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Recommendations For Symantec Critical System Protection (SCSP) versions 5.2.9 through MP6, update to a version later than MP6 to resolve the issue. For Symantec Data Center Security: Server Advanced (SDCS:SA) versions 6.0.x through 6.0 MP1, update to a version later than 6.0 MP1 to resolve the issue.