Symantec DLP CVE-2019-9701 Cross Site Scripting Vulnerability

Symantec DLP is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
Symantec DLP versions prior to 15.5 MP1 are vulnerable.

Information

Bugtraq ID: 108733
Class: Input Validation Error
CVE: CVE-2019-9701

Remote: Yes
Local: No
Published: Jun 19 2019 12:00AM
Updated: Jun 19 2019 12:00AM
Credit: Chapman Schleiss @_r3naissance
Vulnerable: Symantec DLP 15.5
Symantec DLP 15.1
Symantec DLP 15.0

Not Vulnerable: Symantec DLP 15.5 MP1

Exploit

An attacker can exploit this issue by enticing an unsuspecting user to follow a malicious URI.

References:

Symantec Home Page (Symantec)
SYMSA1484: DLP Cross Site Scripting (Symantec)

Source: www.securityfocus.com

Exploit Collector

Search Exploit