CVE-2020-23517

Name of the Vulnerable Software and Affected Versions Aryanic HighMail (High CMS) versions 2020 and before

Description The issue allows remote attackers to inject arbitrary web script or HTML via the user variable to the LoginForm, enabling Cross Site Scripting (XSS) attacks.

Recommendations For Aryanic HighMail (High CMS) versions 2020 and before, as a temporary workaround, consider restricting access to the LoginForm or disabling the user variable input until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.