PT-2026-26052 · Unknown · Beefree.Io Sdk
Michał Błaszczak · Published 2026-03-18 · Updated 2026-03-18 · CVE-2025-12518
CVSS v4.0: 5.3 (Medium)
| Vector | AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
beefree.io SDK versions prior to 3.47.0
Description
The beefree.io SDK contains a Stored Cross-Site Scripting (XSS) issue within the Social Media icon URL parameter of the email builder functionality. A malicious actor can inject arbitrary HTML and JavaScript into a template. This injected code will be rendered and executed when a user views the preview page. The effectiveness of payloads may be limited by the beefree Content Security Policy.
Recommendations
Update to version 3.47.0 or later.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Beefree.Io Sdk