Cross-Site Scripting Vulnerability in Symantec Messaging Gateway
CVE-2019-18378

4.8MEDIUM

Key Information:

Vendor: Symantec
Status: Symantec Messaging Gateway
Vendor: CVE Published:; 11 December 2019

What is CVE-2019-18378?

The vulnerability in Symantec Messaging Gateway allows for a cross-site scripting exploit where attackers can inject malicious client-side scripts into web pages. This exploit can enable the attackers to bypass existing access controls, potentially compromising user data and system integrity. Ensuring that your installation is updated to version 10.7.3 or later is crucial to protect against these kinds of vulnerabilities.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Symantec Messaging Gateway prior to 10.7.3

References

https://support.symantec.com/us/en/article.SYMSA1501.html

x_refsource_MISC

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 11, 2019
Vulnerability Reserved
Oct 23, 2019

JSON

Symantec