Описание
Securimage HTML Injection
HTML Injection in Securimage prior to 3.6.6 allows remote attackers to inject arbitrary HTML into an e-mail message body via the $_SERVER['HTTP_USER_AGENT'] parameter to example_form.ajax.php or example_form.php.
Пакеты
Наименование
dapphp/securimage
composer
Затронутые версииВерсия исправления
< 3.6.6
3.6.6
Связанные уязвимости
CVSS3: 6.1
nvd
около 8 лет назад
HTML Injection in Securimage 3.6.4 and earlier allows remote attackers to inject arbitrary HTML into an e-mail message body via the $_SERVER['HTTP_USER_AGENT'] parameter to example_form.ajax.php or example_form.php.