XSS in Symantec Messaging_gateway
CVE-2014-1648
Cross-site scripting (XSS) vulnerability in brightmail/setting/compliance/DlpConnectFlow$view.flo in the management console in Symantec Messaging Gateway 10.x before 10.5.2 allows remote attackers to inject arbitrary web script or HTML via…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.005 (67.4th percentile) — read the EPSS interpretation.
Affected products
- Symantec Messaging_gateway — versions 10.0, 10.0.1, 10.0.2
- N/a — versions n/a
Weakness classification (CWE)
References
- 66966 (vdb-entry, x_refsource_BID)
- 1030136 (vdb-entry, x_refsource_SECTRACK)
- secure@symantec.com (x_refsource_CONFIRM, Vendor Advisory)
- 20140422 (CVE-2014-1648) Symantec Messaging Gateway Management Console Cross Site Scripting Vulnerability (mailing-list, Exploit, x_refsource_FULLDISC)