{"api_version":"1","generated_at":"2026-06-13T12:41:04+00:00","cve":"CVE-2013-4674","urls":{"html":"https://cve.report/CVE-2013-4674","api":"https://cve.report/api/cve/CVE-2013-4674.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2013-4674","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2013-4674"},"summary":{"title":"CVE-2013-4674","description":"Cross-site scripting (XSS) vulnerability in the Web Email Protection component in Symantec Encryption Management Server (formerly Symantec PGP Universal Server) before 3.3.0 MP2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted encrypted e-mail attachment.","state":"PUBLISHED","assigner":"symantec","published_at":"2013-07-31 13:20:28","updated_at":"2026-04-29 01:13:23"},"problem_types":["CWE-79","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4.3","severity":"","vector":"AV:N/AC:M/Au:N/C:N/I:P/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"}}],"references":[{"url":"http://secunia.com/advisories/54214","name":"http://secunia.com/advisories/54214","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Security Advisory SA54214 - Symantec Encryption Management Server Email Attachments Script Insertion Vulnerability - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://osvdb.org/95581","name":"http://osvdb.org/95581","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://www.securitytracker.com/id/1028820","name":"http://www.securitytracker.com/id/1028820","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Symantec Encryption Management Server/PGP Universal Server Input Validation Flaw Permits Cross-Site Scripting Attacks - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130722_00","name":"http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130722_00","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Security Advisories Relating to Symantec Products - Symantec Encryption Management Server Web Email Protection XSS - 2013-07-22T11:50:13 PDT\n\t| Symantec","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/61290","name":"http://www.securityfocus.com/bid/61290","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Symantec Encryption Management Server Web Email Protection Cross Site Scripting Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/85902","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/85902","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2013-4674","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4674","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2013","cve_id":"4674","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"symantec","cpe5":"encryption_management_server","cpe6":"3.3.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4674","vulnerable":"1","versionEndIncluding":"3.3.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"symantec","cpe5":"encryption_management_server","cpe6":"*","cpe7":"mp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4674","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"symantec","cpe5":"pgp_universal_server","cpe6":"3.2.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4674","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"symantec","cpe5":"pgp_universal_server","cpe6":"3.2.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2013","cve_id":"4674","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"symantec","cpe5":"pgp_universal_server","cpe6":"3.2.1","cpe7":"mp2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-06T16:52:26.753Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"61290","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/61290"},{"name":"symantec-encryption-cve20134674-xss(85902)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/85902"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130722_00"},{"name":"54214","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/54214"},{"name":"95581","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://osvdb.org/95581"},{"name":"1028820","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id/1028820"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2013-07-22T00:00:00.000Z","descriptions":[{"lang":"en","value":"Cross-site scripting (XSS) vulnerability in the Web Email Protection component in Symantec Encryption Management Server (formerly Symantec PGP Universal Server) before 3.3.0 MP2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted encrypted e-mail attachment."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-11-28T15:57:01.000Z","orgId":"80d3bcb6-88de-48c2-a47e-aebf795f19b5","shortName":"symantec"},"references":[{"name":"61290","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/61290"},{"name":"symantec-encryption-cve20134674-xss(85902)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/85902"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130722_00"},{"name":"54214","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/54214"},{"name":"95581","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://osvdb.org/95581"},{"name":"1028820","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id/1028820"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"secure@symantec.com","ID":"CVE-2013-4674","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Cross-site scripting (XSS) vulnerability in the Web Email Protection component in Symantec Encryption Management Server (formerly Symantec PGP Universal Server) before 3.3.0 MP2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted encrypted e-mail attachment."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"61290","refsource":"BID","url":"http://www.securityfocus.com/bid/61290"},{"name":"symantec-encryption-cve20134674-xss(85902)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/85902"},{"name":"http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130722_00","refsource":"CONFIRM","url":"http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130722_00"},{"name":"54214","refsource":"SECUNIA","url":"http://secunia.com/advisories/54214"},{"name":"95581","refsource":"OSVDB","url":"http://osvdb.org/95581"},{"name":"1028820","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1028820"}]}}}},"cveMetadata":{"assignerOrgId":"80d3bcb6-88de-48c2-a47e-aebf795f19b5","assignerShortName":"symantec","cveId":"CVE-2013-4674","datePublished":"2013-07-31T10:00:00.000Z","dateReserved":"2013-06-24T00:00:00.000Z","dateUpdated":"2024-08-06T16:52:26.753Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2013-07-31 13:20:28","lastModifiedDate":"2026-04-29 01:13:23","problem_types":["CWE-79","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:symantec:encryption_management_server:*:mp1:*:*:*:*:*:*","versionEndIncluding":"3.3.0","matchCriteriaId":"2069D735-6AFB-42E2-9905-727BC4843334"},{"vulnerable":true,"criteria":"cpe:2.3:a:symantec:encryption_management_server:3.3.0:*:*:*:*:*:*:*","matchCriteriaId":"4E805751-CA25-49A9-A77F-4BC81B6544C0"},{"vulnerable":true,"criteria":"cpe:2.3:a:symantec:pgp_universal_server:3.2.0:*:*:*:*:*:*:*","matchCriteriaId":"3FA364D4-4B6E-4041-B47B-C19BE1D0182F"},{"vulnerable":true,"criteria":"cpe:2.3:a:symantec:pgp_universal_server:3.2.1:*:*:*:*:*:*:*","matchCriteriaId":"7EE70F7D-6053-4BB3-A6AE-568812684DA5"},{"vulnerable":true,"criteria":"cpe:2.3:a:symantec:pgp_universal_server:3.2.1:mp2:*:*:*:*:*:*","matchCriteriaId":"13F6B46F-E6C2-41A5-9820-D3B6C1490524"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2013","CveId":"4674","Ordinal":"1","Title":"CVE-2013-4674","CVE":"CVE-2013-4674","Year":"2013"},"notes":[{"CveYear":"2013","CveId":"4674","Ordinal":"1","NoteData":"Cross-site scripting (XSS) vulnerability in the Web Email Protection component in Symantec Encryption Management Server (formerly Symantec PGP Universal Server) before 3.3.0 MP2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted encrypted e-mail attachment.","Type":"Description","Title":"CVE-2013-4674"},{"CveYear":"2013","CveId":"4674","Ordinal":"2","NoteData":"2013-07-31","Type":"Other","Title":"Published"},{"CveYear":"2013","CveId":"4674","Ordinal":"3","NoteData":"2017-11-28","Type":"Other","Title":"Modified"}]}}}