CVE-2013-4674: XSS
First published: Wed Jul 31 2013(Updated: )
Cross-site scripting (XSS) vulnerability in the Web Email Protection component in Symantec Encryption Management Server (formerly Symantec PGP Universal Server) before 3.3.0 MP2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted encrypted e-mail attachment.
Credit: secure@symantec.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Symantec Encryption Management Server | <=3.3.0 | |
| Symantec Encryption Management Server | =3.3.0 | |
| Symantec PGP Universal Server | =3.2.0 | |
| Symantec PGP Universal Server | =3.2.1 | |
| Symantec PGP Universal Server | =3.2.1-mp2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://osvdb.org/95581
- http://secunia.com/advisories/54214
- http://www.securityfocus.com/bid/61290
- http://www.securitytracker.com/id/1028820
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130722_00
- https://exchange.xforce.ibmcloud.com/vulnerabilities/85902
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/type
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/symantec
- canonical/symantec encryption management server
- version/symantec encryption management server/3.3.0
- canonical/symantec pgp universal server
- version/symantec pgp universal server/3.2.0
- version/symantec pgp universal server/3.2.1
- version/symantec pgp universal server/3.2.1-mp2