Product/Component: Messaging Gateway
Last Updated: 13 January 2023
Initial Publication Date: 07 December 2022
Severity: Medium (CVSS Base Score: 4.8)
Affected CVE: CVE-2022-25629

Summary:
An authenticated user with the privilege to add/edit annotations on the Content tab can craft a malicious annotation that can be executed on the annotations page.

Affected Product(s):
- Symantec Messaging Gateway: Releases prior to Symantec Messaging Gateway 10.8 are impacted. Customers should apply Symantec Messaging Gateway 10.8.

CVE-2022-25629:
- Severity: Medium / 4.8 (AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)
- Impact: Stored XSS Vulnerability
- Description: An authenticated user who can add/edit annotations on the Content tab can craft a malicious annotation that can be executed on the annotations page (Annotation Text Column).

Acknowledgements: Abdullah Alomair, @i4bdullah

Revisions:
2022-12-07: Initial public release