CVE-2009-3029

{"id": "CVE-2009-3029", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2009-10-15T10:30:00.453", "references": [{"url": "http://secunia.com/advisories/36972", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1022989", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/58651", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/36570", "tags": ["Patch"], "source": "cve@mitre.org"}, {"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20091006_00", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2009/2849", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/36972", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securitytracker.com/id?1022989", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/58651", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/36570", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20091006_00", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2009/2849", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the console in Symantec SecurityExpressions Audit and Compliance Server 4.1.1, 4.1, and earlier allows remote authenticated users to inject arbitrary web script or HTML via \"external client input\" that triggers crafted error messages."}, {"lang": "es", "value": "Ejecuci\u00f3n de comandos en sitios cruzados (XSS) en la consola de Symantec SecurityExpressions Audit y Compliance Server v4.1.1, v4.1 y anteriores permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML a trav\u00e9s de la \"entrada de clientes externos\" lo cual provoca mensajes de error manipulados."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:symantec:securityexpressions_audit_and_compliance_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D4E75BA-D9C7-4568-A978-82A304A4BDA6", "versionEndIncluding": "4.1.1"}, {"criteria": "cpe:2.3:a:symantec:securityexpressions_audit_and_compliance_server:4.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A5B8408-80B7-4EAC-8439-EB35D7435CB6"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}