Support Content Notification - Support Portal

XSS Vulnerability in Symantec Messaging Gateway

Product/Component

Messaging Gateway

0 more products

Notification Id

21115

Last Updated

13 January 2023

Initial Publication Date

07 December 2022

Status

CLOSED

Severity

MEDIUM

CVSS Base Score

4.8

WorkAround

Affected CVE

Summary

An authenticated user who has the privilege to add/edit annotations on the Content tab, can craft a malicious annotation that can be executed on the annotations page.

Affected Product(s)

Symantec Messaging Gateway
CVE	Supported Version(s)	Remediation
CVE-2022-25629	Releases prior to Symantec Messaging Gateway 10.8 are impacted	The customers should apply Symantec Messaging Gateway 10.8

Issue Details

CVE-2022-25629
Severity / CVSS v3.0:	Medium / 4.8 (AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)
References:	NVD: CVE-2022-25629
Impact:	Stored XSS Vulnerability
Description:	An authenticated user who has the privilege to add/edit annotations on the Content tab, can craft a malicious annotation that can be executed on the annotations page (Annotation Text Column).

Acknowledgements

CVE-2022-25629 Abdullah Alomair, @i4bdullah

Revisions

2022-12-07: Initial public release