CVE-2016-3652: XSS
First published: Thu Jun 30 2016(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in management scripts in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Credit: secure@symantec.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Symantec Endpoint Protection | <=12.1.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-3652?
CVE-2016-3652 is classified as a medium severity vulnerability.
How do I fix CVE-2016-3652?
To mitigate CVE-2016-3652, upgrade Symantec Endpoint Protection Manager to version 12.1.6 RU6 MP5 or later.
Who is affected by CVE-2016-3652?
CVE-2016-3652 affects remote authenticated users of Symantec Endpoint Protection Manager versions prior to 12.1.6 RU6 MP5.
What types of attacks can be executed due to CVE-2016-3652?
CVE-2016-3652 allows attackers to perform cross-site scripting (XSS) attacks through management scripts.
When was CVE-2016-3652 discovered?
CVE-2016-3652 was publicly disclosed in 2016.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/author
- agent/softwarecombine
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/symantec
- canonical/symantec endpoint protection
- version/symantec endpoint protection/12.1.6