CVE-2022-25629: Support Content Notification - Support Portal - Broadcom support portal
XSS Vulnerability in Symantec Messaging Gateway
Last Updated
13 January 2023
Initial Publication Date
07 December 2022
Summary
An authenticated user who has the privilege to add/edit annotations on the Content tab can craft a malicious annotation that can be executed on the annotations page.
Affected Product(s)
Symantec Messaging Gateway
CVE: CVE-2022-25629
Supported Version(s): Releases prior to Symantec Messaging Gateway 10.8 are impacted
Remediation: Customers should apply Symantec Messaging Gateway 10.8
Issue Details
CVE-2022-25629
Severity / CVSS v3.0:
Medium / 4.8 (AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)
References:
NVD: CVE-2022-25629
Impact:
Stored XSS Vulnerability
Description:
An authenticated user who has the privilege to add/edit annotations on the Content tab can craft a malicious annotation that can be executed on the annotations page (Annotation Text Column).
Acknowledgements
- CVE-2022-25629 Abdullah Alomair, @i4bdullah
Revisions
2022-12-07: Initial public release