CVSS: 4.3EPSS: 1%CPEs: 1EXPL: 0CVE-2012-0302
https://notcve.org/view.php?id=CVE-2012-0302
Cross-site scripting (XSS) vulnerability in Brightmail Control Center in Symantec Message Filter 6.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en el Centro de Control de Brightmail de Symantec Message Filter v6.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados. • http://www.securityfocus.com/bid/54134 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120626_00 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2012-0300
https://notcve.org/view.php?id=CVE-2012-0300
Brightmail Control Center in Symantec Message Filter 6.3 does not properly restrict establishment of sessions to the listening port, which allows remote attackers to obtain potentially sensitive version information via unspecified vectors. Centro de control de Brightmail de Symantec Message Filter v6.3 no restringe adecuadamente el establecimiento de sesiones a través del puerto de escucha, lo que permite a atacantes remotos obtener información de versión potencialmente sensible a través de vectores no especificados. • http://www.securityfocus.com/bid/54136 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120626_00 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2012-0303
https://notcve.org/view.php?id=CVE-2012-0303
Multiple cross-site request forgery (CSRF) vulnerabilities in Brightmail Control Center in Symantec Message Filter 6.3 allow remote attackers to hijack the authentication of arbitrary users for requests that (1) execute application commands or (2) create admin accounts. Varias vulnerabilidades de falsificación de peticiones en sitios cruzados(CSRF) en Brightmail Control Center de Symantec Message Filter v6.3 permite a atacantes remotos secuestrar la autenticación de usuarios arbitrarios para solicitudes que (1) ejecutan comandos de la aplicación o (2) crean cuentas de administrador. • http://www.securityfocus.com/bid/54133 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120626_00 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2012-0301
https://notcve.org/view.php?id=CVE-2012-0301
Session fixation vulnerability in Brightmail Control Center in Symantec Message Filter 6.3 allows remote attackers to hijack web sessions via unspecified vectors. Vulnerabilidad de fijación de sesión en el Centro de Control de Brightmail de Symantec Message Filter v6.3 permite a atacantes remotos secuestrar sesiones web a través de vectores no especificados. • http://www.securityfocus.com/bid/54135 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120626_00 • CWE-287: Improper Authentication •