Cross-Site Scripting Vulnerability in Symantec Messaging Gateway by Broadcom
CVE-2022-25630

5.4MEDIUM

Key Information:

Vendor: Symantec
Status: Symantec Messaging Gateway
Vendor: CVE Published:; 9 December 2022

What is CVE-2022-25630?

An authenticated user in Symantec Messaging Gateway can exploit a cross-site scripting vulnerability by embedding malicious content within the admin group policy page. This could allow for the execution of arbitrary scripts in the context of an administrator's session, potentially compromising sensitive information or altering configurations without authorization.

Affected Version(s)

Symantec Messaging Gateway All releases prior to SMG 10.8

References

https://support.broadcom.com/web/ecx/support-content-noti...

http://packetstormsecurity.com/files/171781/Symantec-Mess...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 9, 2022
Vulnerability Reserved
Feb 21, 2022