PT-2023-26327 · Unknown · Superwebmailer
Florian Dewald +1 · Published 2023-10-20 · Updated 2023-10-27 · CVE-2023-38191
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
SuperWebMailer version 9.00.0.01710
Description
An issue was discovered in SuperWebMailer that allows spamtest external.php XSS via a crafted filename. The issue is related to the filename variable, which can be exploited to execute XSS attacks.
Recommendations
For SuperWebMailer version 9.00.0.01710, consider restricting access to the spamtest external.php file until a patch is available. As a temporary workaround, avoid using crafted filenames that could exploit the XSS vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
XSS
Weakness Enumeration
Related identifiers
Affected products
Superwebmailer