The host is installed with Symantec Messaging Gateway 9.5.x before 10.0 and is prone to multiple cross-site scripting (XSS) vulnerabilities. The flaws are present in the application, which fails to properly handle web content or mail content. Successful exploitation allows remote attackers to inject arbitrary web script or HTML.