Cross-Site Scripting Vulnerability in Symantec Messaging Gateway Management Console
CVE-2014-1648

Currently unrated

Key Information:

Vendor
Symantec
Status
Messaging Gateway
Vendor
CVE Published:
23 April 2014

Summary

A Cross-Site Scripting (XSS) vulnerability exists in the management console of Symantec Messaging Gateway versions earlier than 10.5.2. This security flaw allows remote attackers to inject arbitrary web scripts or HTML via the 'displayTab' parameter, potentially compromising the security of the application and its users. Exploiting this vulnerability could lead to unauthorized actions being executed in the context of the affected user, making the system susceptible to further attacks.

References

http://www.securityfocus.com/bid/66966
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1030136
vdb-entryx_refsource_SECTRACK
http://www.symantec.com/security_response/securityupdates...
x_refsource_CONFIRM

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2014-1648 : Cross-Site Scripting Vulnerability in Symantec Messaging Gateway Management Console | SecurityVulnerability.io