Chuayupeng

**Name of the Vulnerable Software and Affected Versions** EasyEmail versions prior to 4.12.2 **Description** A Cross Site Scripting (XSS) issue allows a local attacker to execute arbitrary code via the `user input parameter(s)`. The researcher claims this issue is present in all versions prior to and later than the tested version. **Recommendations** For versions prior to 4.12.2, consider disabling the user input functionality until a patch is available. As a temporary workaround, restrict access to the vulnerable parameter `user input parameter(s)` to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.