Support Content Notification - Support Portal

Stored XSS Vulnerability in Symantec Messaging Gateway 10.7.4

Product/Component

Messaging Gateway

0 more products

Notification Id

21117

Last Updated

13 January 2023

Initial Publication Date

08 December 2022

Status

CLOSED

Severity

MEDIUM

CVSS Base Score

4.8

WorkAround

Affected CVE

Summary

An authenticated user can embed malicious content with XSS into the admin group policy page.

Affected Product(s)

Symantec Messaging Gateway
CVE	Supported Version(s)	Remediation
CVE-2022-25630	Releases prior to Symantec Messaging Gateway 10.8 are impacted	The customers should apply Symantec Messaging Gateway 10.8

Issue Details

CVE-2022-25630
Severity / CVSS v3.0:	Medium / 4.8 (AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)
References:	NVD: CVE-2022-25630
Impact:	Stored XSS Vulnerability
Description:	An authenticated user can embed malicious content with XSS into the admin group policy page.

Acknowledgements

Revisions

2022-12-0: Initial public release