Cross-Site Scripting Vulnerability in Symantec Messaging Gateway Management Console
CVE-2014-1648
Currently unrated
What is CVE-2014-1648?
A Cross-Site Scripting (XSS) vulnerability exists in the management console of Symantec Messaging Gateway versions earlier than 10.5.2. This security flaw allows remote attackers to inject arbitrary web scripts or HTML via the 'displayTab' parameter, potentially compromising the security of the application and its users. Exploiting this vulnerability could lead to unauthorized actions being executed in the context of the affected user, making the system susceptible to further attacks.