Unrated severityNVD Advisory· Published Aug 15, 2011· Updated Apr 29, 2026

CVE-2011-0550

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Web Interface in the Endpoint Protection Manager in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.6300 allow remote attackers to inject arbitrary web script or HTML via (1) the token parameter to portal/Help.jsp or (2) the URI in a console/apps/sepm request.

Affected products

Symantec/Endpoint Protection5 versions
cpe:2.3:a:symantec:endpoint_protection:11.0.6000:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:symantec:endpoint_protection:11.0.6000:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:endpoint_protection:11.0.6100:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:endpoint_protection:11.0.6200:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:endpoint_protection:11.0.6200.754:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:endpoint_protection:11.0.6300:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/43662nvdVendor Advisory
securitytracker.com/idnvd
www.osvdb.org/74465nvd
www.osvdb.org/74466nvd
www.securityfocus.com/bid/48231nvd
www.symantec.com/security_response/securityupdates/detail.jspnvd
exchange.xforce.ibmcloud.com/vulnerabilities/69136nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000