CVE-2023-4393

Опубликовано: 30 окт. 2023

Источник: nvd

CVSS3: 5.4

CVSS3: 6.1

EPSS Низкий

Описание

HTML and SMTP injections on the registration page of LiquidFiles versions 3.7.13 and below, allow an attacker to perform more advanced phishing attacks against an organization.

Ссылки

https://www.themissinglink.com.au/security-advisories/cve-2023-4393
Vendor Advisory
https://www.themissinglink.com.au/security-advisories/cve-2023-4393
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:liquidfiles:liquidfiles:*:*:*:*:*:*:*:*

Версия до 3.7.14 (исключая)

EPSS

Процентиль: 53%

0.00297

Низкий

5.4 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-116

CWE-74

Связанные уязвимости

GHSA-67p3-vgwg-jfjf

CVSS3: 5.4

github

больше 2 лет назад

HTML and SMTP injections on the registration page of LiquidFiles versions 3.7.13 and below, allow an attacker to perform more advanced phishing attacks against an organization.

EPSS

Процентиль: 53%

0.00297

Низкий

5.4 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-116

CWE-74