Описание
Cross-site scripting (XSS) vulnerability in the Web Email Protection component in Symantec Encryption Management Server (formerly Symantec PGP Universal Server) before 3.3.0 MP2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted encrypted e-mail attachment.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.3.0 (включая)
Одно из
cpe:2.3:a:symantec:encryption_management_server:*:mp1:*:*:*:*:*:*
cpe:2.3:a:symantec:encryption_management_server:3.3.0:*:*:*:*:*:*:*
cpe:2.3:a:symantec:pgp_universal_server:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:symantec:pgp_universal_server:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:symantec:pgp_universal_server:3.2.1:mp2:*:*:*:*:*:*
EPSS
Процентиль: 59%
0.00387
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-79
Связанные уязвимости
github
больше 3 лет назад
Cross-site scripting (XSS) vulnerability in the Web Email Protection component in Symantec Encryption Management Server (formerly Symantec PGP Universal Server) before 3.3.0 MP2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted encrypted e-mail attachment.
EPSS
Процентиль: 59%
0.00387
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-79