CVE-2022-25629 — Cross-site Scripting in Messaging Gateway

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

5.4MEDIUMNVD

EPSS

0.7%

top 28.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Symantec Messaging Gateway Broadcom Symantec Messaging Gateway

Timeline

PublishedDec 9

Description

An authenticated user who has the privilege to add/edit annotations on the Content tab, can craft a malicious annotation that can be executed on the annotations page (Annotation Text Column).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶NVDsymantec/messaging_gateway< 10.8

▶CVEListV5broadcom/symantec_messaging_gatewayAll releases prior to SMG 10.8

🔴Vulnerability Details

GHSA

GHSA-5jg8-2jvh-hppf: An authenticated user who has the privilege to add/edit annotations on the Content tab, can craft a malicious annotation that can be executed on the a↗2022-12-09

▶

CVEList

CVE-2022-25629: An authenticated user who has the privilege to add/edit annotations on the Content tab, can craft a malicious annotation that can be executed on the a↗2022-12-09

▶