
CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 2

09 Dec 2022 — An authenticated user can embed malicious content with XSS into the admin group policy page. Symantec Messaging Gateway version 10.7.4 suffers from a persistent cross-site scripting vulnerability. • https://packetstorm.news/files/id/171781 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

09 Dec 2022 — An authenticated user who has the privilege to add/edit annotations on the Content tab can craft a malicious annotation that can be executed on the annotations page (Annotation Text Column). • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/21115 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.3 • EPSS: 2% • CPEs: 10 • EXPL: 0

21 Feb 2020 — Multiple unspecified vulnerabilities in Autonomy KeyView IDOL before 10.16, as used in Symantec Mail Security for Microsoft Exchange before 6.5.8, Symantec Mail Security for Domino before 8.1.1, Symantec Messaging Gateway before 10.0.1, Symantec Data Loss Prevention (DLP) before 11.6.1, IBM Notes 8.5.x, IBM Lotus Domino 8.5.x before 8.5.3 FP4, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, related to "a number of unde... • https://support.symantec.com/us/en/article.symsa1262.html •

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

11 Dec 2019 — Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a server-side request forgery (SSRF) exploit, which is a type of issue that can let an attacker send crafted requests from the backend server of a vulnerable web application or access services available through the loopback interface. • https://support.symantec.com/us/en/article.SYMSA1501.html • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 4.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

11 Dec 2019 — Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to potentially bypass access controls such as the same-origin policy. • https://support.symantec.com/us/en/article.SYMSA1501.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

11 Dec 2019 — Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. • https://support.symantec.com/us/en/article.SYMSA1501.html •

CVSS: 4.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Oct 2019 — Symantec Messaging Gateway (prior to 10.7.0) may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data. • https://support.symantec.com/en_US/article.SYMSA1482.html •

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

19 Sep 2018 — The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an XML external entity (XXE) exploit, which is a type of issue where XML input containing a reference to an external entity is processed by a weakly configured XML parser. The attack uses file URI schemes or relative paths in the system identifier to access files that should not normally be accessible. • http://www.securityfocus.com/bid/105330 • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

19 Sep 2018 — The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication bypass exploit, which is a type of issue that can allow attackers to potentially circumvent security mechanisms currently in place and gain access to the system or network. • http://www.securityfocus.com/bid/105329 • CWE-287: Improper Authentication •

CVSS: 5.7 • EPSS: 0% • CPEs: 1 • EXPL: 0

20 Dec 2017 — Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a path traversal attack (also known as directory traversal). These types of attacks aim to access files and directories that are stored outside the web root folder. By manipulating variables, it may be possible to access arbitrary files and directories stored on the file system including application source code or configuration and critical system files. • http://www.securityfocus.com/bid/102096 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •