Unrated severityNVD Advisory· Published Oct 22, 2018· Updated Sep 16, 2024

CVE-2018-12246

Description

Symantec Web Isolation (WI) 1.11 prior to 1.11.21 is susceptible to a reflected cross-site scripting (XSS) vulnerability. A remote attacker can target end users protected by WI with social engineering attacks using crafted URLs for legitimate web sites. A successful attack allows injecting malicious JavaScript code into the website's rendered copy running inside the end user's web browser. It does not allow injecting code into the real (isolated) copy of the website running on the WI Threat Isolation Engine.

Affected products

Symantec/Web Isolationllm-create
Range: <1.11.21
Symantec Corporation/Symantec Web Isolationv5
Range: 1.11 prior to 1.11.21

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/105581mitrevdb-entryx_refsource_BID
support.symantec.com/content/unifiedweb/en_US/article.SYMSA1464.htmlmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000