CVE-2014-1648

2014-04-2311:52:59

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.6

Confidence

High

EPSS

0.43

Percentile

97.4%

JSON

Cross-site scripting (XSS) vulnerability in brightmail/setting/compliance/DlpConnectFlow$view.flo in the management console in Symantec Messaging Gateway 10.x before 10.5.2 allows remote attackers to inject arbitrary web script or HTML via the displayTab parameter.

Affected configurations

Nvd

Node

symantecmessaging_gatewayMatch10.0

symantecmessaging_gatewayMatch10.0.1

symantecmessaging_gatewayMatch10.0.2

symantecmessaging_gatewayMatch10.0.3

symantecmessaging_gatewayMatch10.5.0

symantecmessaging_gatewayMatch10.5.1

VendorProductVersionCPE
symantecmessaging_gateway10.0cpe:2.3:a:symantec:messaging_gateway:10.0:*:*:*:*:*:*:*
symantecmessaging_gateway10.0.1cpe:2.3:a:symantec:messaging_gateway:10.0.1:*:*:*:*:*:*:*
symantecmessaging_gateway10.0.2cpe:2.3:a:symantec:messaging_gateway:10.0.2:*:*:*:*:*:*:*
symantecmessaging_gateway10.0.3cpe:2.3:a:symantec:messaging_gateway:10.0.3:*:*:*:*:*:*:*
symantecmessaging_gateway10.5.0cpe:2.3:a:symantec:messaging_gateway:10.5.0:*:*:*:*:*:*:*
symantecmessaging_gateway10.5.1cpe:2.3:a:symantec:messaging_gateway:10.5.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
symantec	messaging_gateway	10.0	cpe:2.3:a:symantec:messaging_gateway:10.0:::::::*
symantec	messaging_gateway	10.0.1	cpe:2.3:a:symantec:messaging_gateway:10.0.1:::::::*
symantec	messaging_gateway	10.0.2	cpe:2.3:a:symantec:messaging_gateway:10.0.2:::::::*
symantec	messaging_gateway	10.0.3	cpe:2.3:a:symantec:messaging_gateway:10.0.3:::::::*
symantec	messaging_gateway	10.5.0	cpe:2.3:a:symantec:messaging_gateway:10.5.0:::::::*
symantec	messaging_gateway	10.5.1	cpe:2.3:a:symantec:messaging_gateway:10.5.1:::::::*