Stored XSS Vulnerability in Symantec Messaging Gateway 10.7.4

Messaging Gateway

0 more products

21117

13 January 2023

08 December 2022

CLOSED

MEDIUM

4.8

Summary

An authenticated user can embed malicious content with XSS into the admin group policy page.

 

Affected Product(s)

Symantec Messaging Gateway
CVE Supported Version(s) Remediation
CVE-2022-25630 Releases prior to Symantec Messaging Gateway 10.8 are impacted The customers should apply Symantec Messaging Gateway 10.8

 

Issue Details

CVE-2022-25630
Severity / CVSS v3.0: Medium / 4.8 (AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)
References: NVD: CVE-2022-25630
Impact: Stored XSS Vulnerability
Description: An authenticated user can embed malicious content with XSS into the admin group policy page.

 

Acknowledgements

 

Revisions

2022-12-0: Initial public release