Cross-Site Scripting Vulnerability in Symantec Messaging Gateway
CVE-2019-18378

4.8MEDIUM

Key Information:

Vendor: Symantec
Status: Symantec Messaging Gateway
Vendor: CVE Published:; 11 December 2019

What is CVE-2019-18378?

The vulnerability in Symantec Messaging Gateway allows for a cross-site scripting exploit where attackers can inject malicious client-side scripts into web pages. This exploit can enable the attackers to bypass existing access controls, potentially compromising user data and system integrity. Ensuring that your installation is updated to version 10.7.3 or later is crucial to protect against these kinds of vulnerabilities.

Affected Version(s)

Symantec Messaging Gateway prior to 10.7.3

References

https://support.symantec.com/us/en/article.SYMSA1501.html

x_refsource_MISC

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 11, 2019
Vulnerability Reserved
Oct 23, 2019