CVE-2022-25629: Support Content Notification - Support Portal - Broadcom support portal
An authenticated user who has the privilege to add/edit annotations on the Content tab can craft a malicious annotation that can be executed on the annotations page (Annotation Text Column).
XSS Vulnerability in Symantec Messaging Gateway
Last Updated
07 December 2022
Initial Publication Date
07 December 2022
Summary
An authenticated user who has the privilege to add/edit annotations on the Content tab can craft a malicious annotation that can be executed on the annotations page.
Affected Product(s)
Symantec Messaging Gateway
CVE | Supported Version(s) | Remediation
CVE-2022-25629 | 10.7.4 – 10.7.13 | Customers should apply Symantec Messaging Gateway 10.8
Issue Details
CVE-2022-25629
Severity / CVSS v3.0:
Medium / 4.8 (AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)
References:
NVD: CVE-2022-25629
Impact:
Stored XSS Vulnerability
Description:
An authenticated user who has the privilege to add/edit annotations on the Content tab can craft a malicious annotation that can be executed on the annotations page (Annotation Text Column).
Acknowledgements
- CVE-2022-25629 Abdullah Alomair, @i4bdullah
Revisions
2022-12-07: Initial public release