CVE-2019-18378 — Cross-site Scripting in Messaging Gateway

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

4.8MEDIUMNVD

EPSS

0.3%

top 50.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Symantec Messaging Gateway Broadcom Symantec Messaging Gateway

Timeline

PublishedDec 11

Latest updateMay 24

Description

Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages2 packages

▶NVDsymantec/messaging_gateway< 10.7.3

▶CVEListV5broadcom/symantec_messaging_gatewayprior to 10.7.3

🔴Vulnerability Details

GHSA

GHSA-r4mf-29c6-hhqm: Symantec Messaging Gateway, prior to 10↗2022-05-24

▶

CVEList

CVE-2019-18378: Symantec Messaging Gateway, prior to 10↗2019-12-11

▶