CVE-2013-4674 Information

Description

Cross-site scripting (XSS) vulnerability in the Web Email Protection component in Symantec Encryption Management Server (formerly Symantec PGP Universal Server) before 3.3.0 MP2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted encrypted e-mail attachment.

Reference

http://osvdb.org/95581 http://secunia.com/advisories/54214 http://www.securityfocus.com/bid/61290 http://www.securitytracker.com/id/1028820 http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130722_00 https://exchange.xforce.ibmcloud.com/vulnerabilities/85902