Description
Cross-site scripting (XSS) vulnerability in the Control Center in Symantec Brightmail Gateway Appliance before 8.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
References (7)
Core 7
Core References
Patch, Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1155
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/34885
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/50074
Third Party Advisory x_refsource_confirm
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090423_01
Patch vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1022116
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/34641
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/53944
Scores
EPSS
0.0072
EPSS Percentile
72.7%
Details
CWE
CWE-79
Status
published
Products (4)
symantec/brightmail_gateway_appliance
7.5
symantec/brightmail_gateway_appliance
7.6
symantec/brightmail_gateway_appliance
7.7
symantec/brightmail_gateway_appliance
< 8.0
Published
Apr 24, 2009
Tracked Since
Feb 18, 2026