XSS Vulnerability in Symantec Messaging Gateway

Messaging Gateway

21115

13 January 2023

07 December 2022

CLOSED

MEDIUM

4.8

Summary

An authenticated user who has the privilege to add/edit annotations on the Content tab can craft a malicious annotation that can be executed on the annotations page.

Affected Product(s)

Symantec Messaging Gateway
CVE: CVE-2022-25629
Supported Version(s): Releases prior to Symantec Messaging Gateway 10.8 are impacted
Remediation: Customers should apply Symantec Messaging Gateway 10.8

Issue Details

CVE-2022-25629
Severity / CVSS v3.0: Medium / 4.8 (AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)
References: NVD: CVE-2022-25629
Impact: Stored XSS Vulnerability
Description: An authenticated user who has the privilege to add/edit annotations on the Content tab can craft a malicious annotation that can be executed on the annotations page (Annotation Text Column).

Acknowledgements

  • CVE-2022-25629 Abdullah Alomair, @i4bdullah

Revisions

2022-12-07: Initial public release