CVE-2013-4674

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

4.3MEDIUM

EPSS

0.4%

top 40.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Symantec Encryption Management Server Symantec PGP Universal Server

Timeline

PublishedJul 31

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in the Web Email Protection component in Symantec Encryption Management Server (formerly Symantec PGP Universal Server) before 3.3.0 MP2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted encrypted e-mail attachment.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶NVDsymantec/encryption_management_server3.3.0+1

▶NVDsymantec/pgp_universal_server3.2.0, 3.2.1+1

🔴Vulnerability Details

GHSA

GHSA-5hmv-vv26-wxmx: Cross-site scripting (XSS) vulnerability in the Web Email Protection component in Symantec Encryption Management Server (formerly Symantec PGP Univers↗2022-05-17

▶

CVEList

CVE-2013-4674: Cross-site scripting (XSS) vulnerability in the Web Email Protection component in Symantec Encryption Management Server (formerly Symantec PGP Univers↗2013-07-31

▶