CVE-2019-18378

4.8MEDIUM

Key Information

Vendor: Symantec
Status: Symantec Messaging Gateway
Vendor: CVE Published:; 11 December 2019

Summary

Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy.

Affected Version(s)

Symantec Messaging Gateway = prior to 10.7.3

Refferences

https://support.symantec.com/us/en/article.SYMSA1501.html

x_refsource_MISC

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 11, 2019
Vulnerability Reserved
Oct 23, 2019

Collectors

NVD DatabaseMitre Database