Cross-Site Scripting Vulnerability in Symantec Messaging Gateway Management Console
CVE-2014-1648

Currently unrated

Key Information:

Vendor: Symantec
Status: Messaging Gateway
Vendor: CVE Published:; 23 April 2014

What is CVE-2014-1648?

A Cross-Site Scripting (XSS) vulnerability exists in the management console of Symantec Messaging Gateway versions earlier than 10.5.2. This security flaw allows remote attackers to inject arbitrary web scripts or HTML via the 'displayTab' parameter, potentially compromising the security of the application and its users. Exploiting this vulnerability could lead to unauthorized actions being executed in the context of the affected user, making the system susceptible to further attacks.

References

http://www.securityfocus.com/bid/66966

vdb-entryx_refsource_BID

http://www.securitytracker.com/id/1030136

vdb-entryx_refsource_SECTRACK

http://www.symantec.com/security_response/securityupdates...

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 23, 2014
Vulnerability Reserved
Jan 23, 2014