Xenophage

**Name of the Vulnerable Software and Affected Versions** Biz Mail Form versions prior to 2.2 **Description** The issue allows remote attackers to bypass the email check and send spam email via CRLF sequences and forged mail headers in the `email` parameter. This is due to a CRLF injection vulnerability in the `bizmail.cgi` component. **Recommendations** For versions prior to 2.2, update to version 2.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the `bizmail.cgi` component to minimize the risk of exploitation. Avoid using the `email` parameter in the affected component until the issue is resolved.