CVE-2023-39683

Опубликовано: 09 фев. 2024

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

Cross Site Scripting (XSS) vulnerability in EasyEmail v.4.12.2 and before allows a local attacker to execute arbitrary code via the user input parameter(s). NOTE: Researcher claims issue is present in all versions prior and later than tested version.

Ссылки

https://github.com/zalify/easy-email/issues/321
Issue Tracking
https://github.com/zalify/easy-email/issues/373
Issue Tracking
https://medium.com/%40vificatem/cve-2023-39683-dom-xss-on-json-source-code-panel-in-zalify-easy-email-3fa08f3e0d49
Exploit
Third Party Advisory
https://github.com/zalify/easy-email/issues/321
Issue Tracking
https://github.com/zalify/easy-email/issues/373
Issue Tracking
https://medium.com/%40vificatem/cve-2023-39683-dom-xss-on-json-source-code-panel-in-zalify-easy-email-3fa08f3e0d49
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:zalify:easy_email:*:*:*:*:*:node.js:*:*

Версия до 4.12.2 (включая)

EPSS

Процентиль: 28%

0.00101

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-3256-58fp-785h