Vulnerability Details CVE-2018-12241
The Symantec Security Analytics (SA) 7.x prior to 7.3.4 Web UI is susceptible to a reflected cross-site scripting (XSS) vulnerability. A remote attacker with knowledge of the SA web UI hostname or IP address can craft a malicious URL for the SA web UI and target SA web UI users with phishing attacks or other social engineering techniques. A successful attack allows injecting malicious JavaScript code into the SA web UI client application.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 57.9%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
Products affected by CVE-2018-12241
-
cpe:2.3:a:symantec:security_analytics:7.2.1
-
cpe:2.3:a:symantec:security_analytics:7.2.2
-
cpe:2.3:a:symantec:security_analytics:7.2.3
-
cpe:2.3:a:symantec:security_analytics:7.2.7
-
cpe:2.3:a:symantec:security_analytics:7.3
-
cpe:2.3:a:symantec:security_analytics:7.3.1
-
cpe:2.3:a:symantec:security_analytics:7.3.2
-
cpe:2.3:a:symantec:security_analytics:7.3.3