PT-2017-13234 · Securimage · Securimage

Published 2017-11-18 · Updated 2022-05-13 · CVE-2017-14077

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Securimage versions 3.6.4 and earlier; Securimage versions prior to 3.6.6

Description: The issue allows remote attackers to inject arbitrary HTML into an e-mail message body via the HTTP_USER_AGENT parameter to the example_form.ajax.php or example_form.php API endpoints.

Recommendations: For Securimage versions 3.6.4 and earlier, update to version 3.6.6 or later to resolve the issue. For Securimage versions prior to 3.6.6, update to version 3.6.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the example_form.ajax.php and example_form.php endpoints to minimize the risk of exploitation. Avoid using the HTTP_USER_AGENT parameter in the affected endpoints until the issue is resolved.
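The pattern behind this issue and its fix, as an added example that is not Securimage's own code: an HTML mail body assembled from request values, once with the User-Agent value interpolated raw and once with htmlspecialchars() applied before it reaches the markup. The function names, the field layout and the sample header value are assumptions made for the example.

```php
<?php
declare(strict_types=1);

// Hypothetical builder mirroring the vulnerable pattern: a request header
// is interpolated into an HTML e-mail body without escaping.
function buildMailBodyVulnerable(string $name, string $message, string $userAgent): string
{
    // Any markup inside $userAgent becomes part of the mail's HTML.
    return "<p>Name: $name</p>\n"
         . "<p>Message: $message</p>\n"
         . "<p>User-Agent: $userAgent</p>\n";
}

// Escape <, >, &, ' and " so a value can only ever render as text.
function esc(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened builder: every request-derived value is escaped.
function buildMailBodySafe(string $name, string $message, string $userAgent): string
{
    return '<p>Name: ' . esc($name) . "</p>\n"
         . '<p>Message: ' . esc($message) . "</p>\n"
         . '<p>User-Agent: ' . esc($userAgent) . "</p>\n";
}

// True when a header value carries characters that could alter HTML
// structure; handy for logging attempts against the contact form.
function looksLikeHtmlInjection(string $value): bool
{
    return preg_match('/[<>"\']/', $value) === 1;
}

// Constructed sample: a User-Agent header carrying markup instead of a
// browser string. In the real endpoint it comes from $_SERVER['HTTP_USER_AGENT'].
$userAgent = '<b>phishing</b> <a href="https://example.invalid">click</a>';

$vulnerable = buildMailBodyVulnerable('Alice', 'Hello', $userAgent);
$safe       = buildMailBodySafe('Alice', 'Hello', $userAgent);

assert(str_contains($vulnerable, '<a href='));       // markup survives
assert(!str_contains($safe, '<a href='));            // markup neutralised
assert(str_contains($safe, '&lt;a href=&quot;'));
assert(looksLikeHtmlInjection($userAgent));
assert(!looksLikeHtmlInjection('Mozilla/5.0 (X11; Linux x86_64)'));

echo $safe;
```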

Code Injection


Weakness Enumeration

Related Identifiers

CVE-2017-14077
GHSA-Q6V4-XJP2-8GGV

Affected Products

Securimage