Unrated severityNVD Advisory· Published Jan 21, 2015· Updated Jun 17, 2026
CVE-2014-9224
CVE-2014-9224
Description
Cross-site scripting (XSS) vulnerability in the ajaxswing webui in the Management Console server in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4- cpe:2.3:a:broadcom:symantec_critical_system_protection:5.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:symantec:data_center_security:6.0.0:*:*:*:server_advanced:*:*:*
- Range: 6.0.x through 6.0 MP1
- Range: 5.2.9 through MP6
Patches
Vulnerability mechanics
References
5- www.symantec.com/security_response/securityupdates/detail.jspnvdVendor Advisory
- packetstormsecurity.com/files/130060/Symantec-SDCS-SA-SCSP-XSS-Bypass-SQL-Injection-Disclosure.htmlnvd
- seclists.org/fulldisclosure/2015/Jan/91nvd
- www.securityfocus.com/archive/1/534527/100/0/threadednvd
- www.securityfocus.com/bid/72093nvd
News mentions
0No linked articles in our index yet.