Cross Site Scripting XSS Vulnerabilities With IM Manager

Article:TECH98307  |  Created: 2009-01-29  |  Updated: 2012-08-01  |  Article URL http://www.symantec.com/docs/TECH98307
Article Type
Technical Solution

Product(s)

Languages

Problem



Security vulnerability tools report the following web pages from the IM Manager system are vulnerable to cross-site scripting XSS security issues:




IM Manager Self-Registration Page

http://[server]/IMManager/public/IMEmployee.asp



Manage Annotations Page

1. Open IM Manager Reviewer UI page

2. Navigate to Reviewer Console | Manager Annotations

http://[server]/immanager/user/IMUserAnnotations.asp


Manage Keywords

1. Open IM Manager Reviewer UI page

2. Navigate to Reviewer Console | Manager Keywords

http://[server]/immanager/user/IMUserEditKeyword.asp?action=add

 


Solution



Upgrade to IM Manager 8.4.13 or higher.


References
Security Advisories Relating to Symantec Products - Symantec IM Manager Local-Access Cross-site Scripting



 

Supplemental Materials

Value1914715 1920147

Legacy ID



2009122910463154


Article URL http://www.symantec.com/docs/TECH98307


Terms of use for this information are found in Legal Notices

Please Sign In

Login using SymAccount.

Knowledge Base Search

Knowledge Base Search

Rate this Article

Help us improve your support experience.

MySymantec

MySymantec

Contacting Support

Contacting Support