Cross-Site Scripting Vulnerability in Symantec Encryption Management Server
CVE-2013-4674

Currently unrated

Key Information:

Vendor: Symantec
Status: Encryption Management Server; Pgp Universal Server
Vendor: CVE Published:; 31 July 2013

What is CVE-2013-4674?

A cross-site scripting vulnerability exists in the Web Email Protection component of Symantec Encryption Management Server. This issue allows remote authenticated users to execute arbitrary web scripts or HTML by injecting malicious content through crafted encrypted email attachments. This creates a potential for exploitation, leading to unauthorized actions within the application's web interface.

References

http://www.securityfocus.com/bid/61290

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/85902

vdb-entryx_refsource_XF

http://www.symantec.com/security_response/securityupdates...

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 31, 2013
Vulnerability Reserved
Jun 24, 2013