3 matches found
Symantec Messaging Gateway Management Console Cross Site Scripting (CVE-2014-1648)
A reflected Cross-Site Scripting vulnerability exists in Symantec Messaging Gateway Management Console. The vulnerability is due to insufficient input validation of the "displayTab" parameter. A remote unauthenticated attacker can exploit this vulnerability to execute arbitrary script code in the...
CVE-2014-1648
CVE-2014-1648 is a reflected XSS in Symantec Messaging Gateway 10.x prior to 10.5.2. The vulnerability resides in the management console’s brightmail/setting/compliance/DlpConnectFlow$view.flo component, exploitable via the displayTab parameter to inject arbitrary script/HTML in a user’s browser....
Symantec Messaging Gateway Management Console Reflected XSS
SUMMARY Symantecs Messaging Gateway management console is susceptible to a reflected cross-site scripting XSS issue found in one of the administrative interface pages. Successful exploitation could result in potential session hijacking or unauthorized actions directed against the console with the...