vendor:
Norton Internet Security
by:
SecurityFocus
3.3
CVSS
MEDIUM
Cross-Site Scripting
79
CWE
Product Name: Norton Internet Security
Affected Version From: Norton Internet Security 2003 v6.0.4.34
Affected Version To: Other versions may be affected as well.
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2003
Symantec Norton Internet Security Cross-Site Scripting Vulnerability
It has been reported that Symantec Norton Internet Security is prone to a cross-site scripting vulnerability. The issue is reported to exist when the software blocks a restricted website and an error message containing the requested URL is returned to the user. This URL is not sanitized for malicious input therefore allowing a remote attacker to execute HTML or script code in the browser of a user running the vulnerable software. The script code would run in the context of the blocked site. Successful exploitation of this attack may allow an attacker to steal cookie-based authentication information that could be used to launch further attacks.
Mitigation:
Input validation should be used to ensure that user-supplied data is properly sanitized.
