CVE-2019-9701: XSS
First published: Wed Jun 19 2019(Updated: )
DLP 15.5 MP1 and all prior versions may be susceptible to a cross-site scripting (XSS) vulnerability, a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.
Credit: secure@symantec.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Symantec Data Loss Prevention (DLP) | =14.0 | |
| Symantec Data Loss Prevention (DLP) | =14.0.1 | |
| Symantec Data Loss Prevention (DLP) | =14.0.2 | |
| Symantec Data Loss Prevention (DLP) | =14.5 | |
| Symantec Data Loss Prevention (DLP) | =14.5-mp1 | |
| Symantec Data Loss Prevention (DLP) | =14.6 | |
| Symantec Data Loss Prevention (DLP) | =14.6-mp1 | |
| Symantec Data Loss Prevention (DLP) | =14.6-mp2 | |
| Symantec Data Loss Prevention (DLP) | =14.6-mp3 | |
| Symantec Data Loss Prevention (DLP) | =15.0 | |
| Symantec Data Loss Prevention (DLP) | =15.0-mp1 | |
| Symantec Data Loss Prevention (DLP) | =15.1 | |
| Symantec Data Loss Prevention (DLP) | =15.1-mp1 | |
| Symantec Data Loss Prevention (DLP) | =15.5 | |
| Symantec Data Loss Prevention (DLP) | =15.5-mp1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2019-9701?
CVE-2019-9701 is categorized as a high severity cross-site scripting (XSS) vulnerability.
How do I fix CVE-2019-9701?
To fix CVE-2019-9701, upgrade to the latest version of Symantec Data Loss Prevention that addresses this vulnerability.
What versions of Symantec Data Loss Prevention are affected by CVE-2019-9701?
CVE-2019-9701 affects Symantec Data Loss Prevention versions 15.5 MP1 and all prior versions.
What type of attack is associated with CVE-2019-9701?
CVE-2019-9701 allows for cross-site scripting attacks, which can inject malicious scripts into web pages viewed by users.
Can CVE-2019-9701 be exploited remotely?
Yes, CVE-2019-9701 can be exploited remotely if an attacker can send crafted requests to a vulnerable instance of Symantec Data Loss Prevention.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/symantec
- canonical/symantec data loss prevention (dlp)
- version/symantec data loss prevention (dlp)/14.0
- version/symantec data loss prevention (dlp)/14.0.1
- version/symantec data loss prevention (dlp)/14.0.2
- version/symantec data loss prevention (dlp)/14.5
- version/symantec data loss prevention (dlp)/14.5-mp1
- version/symantec data loss prevention (dlp)/14.6
- version/symantec data loss prevention (dlp)/14.6-mp1
- version/symantec data loss prevention (dlp)/14.6-mp2
- version/symantec data loss prevention (dlp)/14.6-mp3
- version/symantec data loss prevention (dlp)/15.0
- version/symantec data loss prevention (dlp)/15.0-mp1
- version/symantec data loss prevention (dlp)/15.1
- version/symantec data loss prevention (dlp)/15.1-mp1
- version/symantec data loss prevention (dlp)/15.5
- version/symantec data loss prevention (dlp)/15.5-mp1