CVE-2023-40599

Name of the Vulnerable Software and Affected Versions Mailform Pro CGI versions 4.3.1.3 and earlier

Description A Regular expression Denial-of-Service (ReDoS) issue exists in multiple add-ons for Mailform Pro CGI, allowing a remote unauthenticated attacker to cause a denial-of-service condition. The affected add-ons include call/call.js, prefcodeadv/search.cgi, estimate/estimate.js, search/search.js, suggest/suggest.js, and coupon/coupon.js.

Recommendations For Mailform Pro CGI versions 4.3.1.3 and earlier, consider disabling the affected add-ons, specifically call.js, search.cgi, estimate.js, search.js, suggest.js, and coupon.js, until a patch is available. Restrict access to these add-ons to minimize the risk of exploitation.