Symantec Messaging Gateway 9.5.x Multiple Vulnerabilities (SYM12-013)

According to its self-reported version number, the version of Symantec Messaging Gateway running on the remote host is 9.5.x and has the following vulnerabilities : - Multiple XSS vulnerabilities exist. CVE-2012-0307 - Lack of password protection on sensitive functions as well as of CSRF protecti...

CVE-2012-0307

CVE-2012-0307 affects Symantec Messaging Gateway (SMG) prior to version 10.0. The vulnerability class is multiple cross-site scripting (XSS) issues, allowing remote attackers to inject arbitrary web script or HTML via (1) web content or (2) e-mail content. The public references describe XSS in th...