Facundo Fernandez

**Name of the Vulnerable Software and Affected Versions** Ferozo Email version 1.1 **Description** A Cross Site Scripting issue allows a local attacker to execute arbitrary code via a crafted payload to the PDF preview component. This enables the attacker to perform actions on the affected system. **Recommendations** For Ferozo Email version 1.1, consider disabling the PDF preview component until a patch is available to prevent exploitation of this issue. Restrict access to the PDF preview functionality to minimize the risk of arbitrary code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.