CVE-2013-4674

2013-07-3113:20:28

CWE-79

[email protected]

web.nvd.nist.gov

cve-2013-4674

cross-site scripting

xss

symantec encryption management server

vulnerability

email protection

5.3 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.006 Low

EPSS

Percentile

79.2%

JSON

Cross-site scripting (XSS) vulnerability in the Web Email Protection component in Symantec Encryption Management Server (formerly Symantec PGP Universal Server) before 3.3.0 MP2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted encrypted e-mail attachment.

Affected configurations

NVD

Node

symantecencryption_management_serverRange≤3.3.0mp1

symantecencryption_management_serverMatch3.3.0

symantecpgp_universal_serverMatch3.2.0

symantecpgp_universal_serverMatch3.2.1

symantecpgp_universal_serverMatch3.2.1mp2

CPENameOperatorVersion
symantec:encryption_management_serversymantec encryption management serverle3.3.0
symantec:pgp_universal_serversymantec pgp universal servereq3.2.0
symantec:pgp_universal_serversymantec pgp universal servereq3.2.1

CPE	Name	Operator	Version
symantec:encryption_management_server	symantec encryption management server	le	3.3.0
symantec:pgp_universal_server	symantec pgp universal server	eq	3.2.0
symantec:pgp_universal_server	symantec pgp universal server	eq	3.2.1