Security Advisory for Symantec Encryption Management Server Web Email Protection XSS

Article:AL1467  |  Created: 2013-07-22  |  Updated: 2013-07-22  |  Article URL http://www.symantec.com/docs/AL1467
Article Type
Alerts

Product(s)

Description



Symantec's Encryption Management Server, previously PGP Universal Server, is susceptible to a cross-site scripting (XSS) issue, in the web management interface of the server. The XSS issue is in the Web Email Protection component. This issue could allow an authenticated Web Email Protection user to run arbitrary scripts in the context of the management console.

Versions affected:

  • Symantec Encryption Management Server 3.3.0
  • Symantec Encryption Management Server 3.3.0 MP1
  • PGP Universal Server 3.0.0 - 3.2.1 MP5

This issue is fixed in Symantec Encryption Management Server 3.3.0 MP2.

For more information, see the following link: Security Advisory for Symantec Encryption Management Server



Article URL http://www.symantec.com/docs/AL1467


Terms of use for this information are found in Legal Notices