Vulnerabilities > Symantec > Messaging Gateway > 10.6.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-09 | CVE-2022-25629 | Cross-site Scripting vulnerability in Symantec Messaging Gateway An authenticated user who has the privilege to add/edit annotations on the Content tab, can craft a malicious annotation that can be executed on the annotations page (Annotation Text Column). | 5.4 |
| 2022-12-09 | CVE-2022-25630 | Cross-site Scripting vulnerability in Symantec Messaging Gateway An authenticated user can embed malicious content with XSS into the admin group policy page. | 5.4 |
| 2019-12-11 | CVE-2019-18379 | Server-Side Request Forgery (SSRF) vulnerability in Symantec Messaging Gateway Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a server-side request forgery (SSRF) exploit, which is a type of issue that can let an attacker send crafted requests from the backend server of a vulnerable web application or access services available through the loopback interface. | 7.5 |
| 2019-12-11 | CVE-2019-18378 | Cross-site Scripting vulnerability in Symantec Messaging Gateway Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. | 3.5 |
| 2019-12-11 | CVE-2019-18377 | Unspecified vulnerability in Symantec Messaging Gateway Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | 6.5 |
| 2019-10-24 | CVE-2019-9699 | Information Exposure vulnerability in Symantec Messaging Gateway Symantec Messaging Gateway (prior to 10.7.0), may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data. | 2.7 |
| 2018-09-19 | CVE-2018-12243 | XXE vulnerability in Symantec Messaging Gateway The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to a XML external entity (XXE) exploit, which is a type of issue where XML input containing a reference to an external entity is processed by a weakly configured XML parser. | 5.8 |
| 2018-09-19 | CVE-2018-12242 | Improper Authentication vulnerability in Symantec Messaging Gateway The Symantec Messaging Gateway product prior to 10.6.6 may be susceptible to an authentication bypass exploit, which is a type of issue that can allow attackers to potentially circumvent security mechanisms currently in place and gain access to the system or network. | 7.5 |