Vulnerability Description
Cross-site scripting (XSS) vulnerability in the Web Email Protection component in Symantec Encryption Management Server (formerly Symantec PGP Universal Server) before 3.3.0 MP2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted encrypted e-mail attachment.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Symantec | Encryption Management Server | <= 3.3.0 |
| Symantec | Pgp Universal Server | 3.2.0 |
Related Weaknesses (CWE)
References
- http://osvdb.org/95581
- http://secunia.com/advisories/54214
- http://www.securityfocus.com/bid/61290
- http://www.securitytracker.com/id/1028820
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securitVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/85902
- http://osvdb.org/95581
- http://secunia.com/advisories/54214
- http://www.securityfocus.com/bid/61290
- http://www.securitytracker.com/id/1028820
- http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=securitVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/85902
FAQ
What is CVE-2013-4674?
CVE-2013-4674 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in the Web Email Protection component in Symantec Encryption Management Server (formerly Symantec PGP Universal Server) before 3.3.0 MP2 allows remote authenti...
How severe is CVE-2013-4674?
CVE-2013-4674 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-4674?
Check the references section above for vendor advisories and patch information. Affected products include: Symantec Encryption Management Server, Symantec Pgp Universal Server.