CVE-2013-4674

EPSS 0.39%
Published 31.07.2013 13:20:28
Last modified 11.04.2025 00:51:21
Source secure@symantec.com
Teams watchlist Login
Open Login

Cross-site scripting (XSS) vulnerability in the Web Email Protection component in Symantec Encryption Management Server (formerly Symantec PGP Universal Server) before 3.3.0 MP2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted encrypted e-mail attachment.

Affected products Warnungen 0 Metrics 2 CWE 1 References 9

Data is provided by the National Vulnerability Database (NVD)

Symantec ≫ Encryption Management Server Updatemp1 Version <= 3.3.0

Symantec ≫ Encryption Management Server Version3.3.0

Symantec ≫ Pgp Universal Server Version3.2.0

Symantec ≫ Pgp Universal Server Version3.2.1

Symantec ≫ Pgp Universal Server Version3.2.1 Updatemp2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.39%	0.569

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://osvdb.org/95581

http://secunia.com/advisories/54214

http://www.securityfocus.com/bid/61290

http://www.securitytracker.com/id/1028820

http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130722_00

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/85902

https://nvd.nist.gov/vuln/detail/CVE-2013-4674

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-4674

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-4674

EUVD