Unrated severityNVD Advisory· Published Mar 28, 2011· Updated Jun 16, 2026
CVE-2011-1524
CVE-2011-1524
Description
Cross-site scripting (XSS) vulnerability in the management login GUI page in Symantec LiveUpdate Administrator (LUA) before 2.3 allows remote attackers to inject arbitrary web script or HTML via the username field, as demonstrated by injecting an IFRAME element into the event log, a different vulnerability than CVE-2011-0545.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
7cpe:2.3:a:symantec:liveupdate_administrator:*:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:symantec:liveupdate_administrator:*:*:*:*:*:*:*:*range: <=2.2.2.9
- cpe:2.3:a:symantec:liveupdate_administrator:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:liveupdate_administrator:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:liveupdate_administrator:2.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:liveupdate_administrator:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:liveupdate_administrator:2.2.2:*:*:*:*:*:*:*
- (no CPE)range: <2.3
Patches
Vulnerability mechanics
References
9- securitytracker.com/idnvdExploit
- sotiriu.de/adv/NSOADV-2011-001.txtnvdExploit
- www.exploit-db.com/exploits/17026nvdExploit
- www.securityfocus.com/bid/46856nvdExploit
- www.vupen.com/english/advisories/2011/0727nvdVendor Advisory
- securityreason.com/securityalert/8166nvd
- www.securityfocus.com/archive/1/517109/100/0/threadednvd
- www.symantec.com/security_response/securityupdates/detail.jspnvd
- exchange.xforce.ibmcloud.com/vulnerabilities/66213nvd
News mentions
0No linked articles in our index yet.