XSS Vulnerability in Symantec Messaging Gateway
Summary
An authenticated user who has the privilege to add or edit annotations on the Content tab can craft a malicious annotation that can be executed on the annotations page.
Affected Product(s)
Symantec Messaging Gateway
CVE | Supported Version(s) | Remediation |
CVE-2022-25629 | Releases prior to Symantec Messaging Gateway 10.8 are impacted | Customers should apply Symantec Messaging Gateway 10.8 |
Issue Details
CVE-2022-25629 | |
Severity / CVSS v3.0: | Medium / 4.8 (AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N) |
References: | NVD: CVE-2022-25629 |
Impact: | Stored XSS Vulnerability |
Description: | An authenticated user who has the privilege to add or edit annotations on the Content tab can craft a malicious annotation that can be executed on the annotations page (Annotation Text column). |
Acknowledgements
- CVE-2022-25629: Abdullah Alomair, @i4bdullah
Revisions
2022-12-07: Initial public release