exploitDog

GHSA-mfr4-4gq8-693m

Опубликовано: 21 дек. 2023

Источник: github

Github: Не прошло ревью

CVSS3: 5.4

Описание

SmarterTools SmarterMail 16.x 8495 through 8664 before 8747 allows stored DOM XSS because an XSS protection mechanism is skipped when messageHTML and messagePlainText are set in the same request.

SmarterTools SmarterMail 16.x 8495 through 8664 before 8747 allows stored DOM XSS because an XSS protection mechanism is skipped when messageHTML and messagePlainText are set in the same request.

Ссылки

EPSS

Процентиль: 38%

0.00169

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-79

Связанные уязвимости

CVE-2023-48115

CVSS3: 5.4

nvd

около 2 лет назад

SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored DOM XSS because an XSS protection mechanism is skipped when messageHTML and messagePlainText are set in the same request.

EPSS

Процентиль: 38%

0.00169

Низкий

5.4 Medium

CVSS3

CVE ID

Дефекты

CWE-79