CVE-2018-12246 is a vulnerability in Symantec Web Isolation
Published on October 22, 2018
Symantec Web Isolation (WI) 1.11 prior to 1.11.21 is susceptible to a reflected cross-site scripting (XSS) vulnerability. A remote attacker can target end users protected by WI with social engineering attacks using crafted URLs for legitimate web sites. A successful attack allows injecting malicious JavaScript code into the website's rendered copy running inside the end user's web browser. It does not allow injecting code into the real (isolated) copy of the website running on the WI Threat Isolation Engine.
Products Associated with CVE-2018-12246
Want to know whenever a new CVE is published for Symantec Web Isolation? stack.watch will email you.
Affected Versions
Symantec Corporation Symantec Web Isolation Version 1.11 prior to 1.11.21 is affected by CVE-2018-12246Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.