CVE-2012-0307

2012-08-2910:56:39

CWE-79

mitre

web.nvd.nist.gov

cve-2012-0307

xss

vulnerabilities

symantec messaging gateway

smg

web content

email content

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.01

Percentile

83.9%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Symantec Messaging Gateway (SMG) before 10.0 allow remote attackers to inject arbitrary web script or HTML via (1) web content or (2) e-mail content.

Affected configurations

Nvd

Node

symantecmessaging_gatewayRange≤9.5.4

symantecmessaging_gatewayMatch9.5

symantecmessaging_gatewayMatch9.5.1

symantecmessaging_gatewayMatch9.5.2

symantecmessaging_gatewayMatch9.5.3

VendorProductVersionCPE
symantecmessaging_gateway*cpe:2.3:a:symantec:messaging_gateway:*:*:*:*:*:*:*:*
symantecmessaging_gateway9.5cpe:2.3:a:symantec:messaging_gateway:9.5:*:*:*:*:*:*:*
symantecmessaging_gateway9.5.1cpe:2.3:a:symantec:messaging_gateway:9.5.1:*:*:*:*:*:*:*
symantecmessaging_gateway9.5.2cpe:2.3:a:symantec:messaging_gateway:9.5.2:*:*:*:*:*:*:*
symantecmessaging_gateway9.5.3cpe:2.3:a:symantec:messaging_gateway:9.5.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
symantec	messaging_gateway	*	cpe:2.3:a:symantec:messaging_gateway::::::::
symantec	messaging_gateway	9.5	cpe:2.3:a:symantec:messaging_gateway:9.5:::::::*
symantec	messaging_gateway	9.5.1	cpe:2.3:a:symantec:messaging_gateway:9.5.1:::::::*
symantec	messaging_gateway	9.5.2	cpe:2.3:a:symantec:messaging_gateway:9.5.2:::::::*
symantec	messaging_gateway	9.5.3	cpe:2.3:a:symantec:messaging_gateway:9.5.3:::::::*