CVE-2019-19547

Vulnerability

A cross-site scripting (XSS) vulnerability exists in Symantec Endpoint Detection and Response (SEDR) versions prior to 4.3.0. The issue allows an attacker to inject client-side scripts into web pages viewed by other users, potentially bypassing access controls such as the same-origin policy [1][2]. The exact input vector is not detailed in the available references, but it is a persistent XSS that can be triggered when a user views affected pages.

Exploitation

An attacker must be able to inject malicious script input into SEDR's web interface, likely through a field or parameter that is later rendered to other users. No authentication details are specified, but typical SEDR deployments have administrative and analyst users; the attacker may need authenticated access to submit the malicious payload. The script executes when another user visits the affected page, with no additional user interaction beyond normal browsing.

Impact

Successful exploitation allows the attacker to execute arbitrary JavaScript in the context of the victim's browser session. This can lead to theft of session cookies, manipulation of page content, or other actions that bypass the same-origin policy. The attacker can act with the victim's privileges within the SEDR console, potentially gaining access to sensitive endpoint detection and response data.

Mitigation

Symantec has fixed the issue in SEDR version 4.3.0 [1][2]. Users should upgrade to this version or later. No workarounds are documented in the available references. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.