PT-2022-10050 · Seppmail · Seppmail
Published: 2022-10-24 · Updated: 2022-11-22 · CVE-2021-31739
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
SEPPmail version 11.1.10
Description
User input that the server returns inside HTML attributes is encoded incorrectly, which leads to a Cross-Site Scripting (XSS) vulnerability. The XSS is possible via a recipient address.
Recommendations
For SEPPmail version 11.1.10, ensure that user input is correctly encoded in HTML attributes to prevent XSS attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
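The recommendation above, as an added example that is not SEPPmail code or part of the original advisory: it contrasts text-node-only escaping with attribute encoding for a recipient address echoed into an attribute, and checks the result by parsing the markup. The template, function names and sample address are assumptions constructed for illustration; the advisory does not show the affected markup.

```python
import html
from html.parser import HTMLParser

# Hypothetical template: the recipient address is echoed back by the
# server inside a double-quoted attribute value.
TEMPLATE = '<input type="text" name="recipient" value="{}">'

# Constructed sample input: an address followed by a quote and a harmless
# marker attribute, used only to show whether the value stays in its attribute.
SAMPLE = 'user@example.com" data-injected="1'


def encode_text_only(value: str) -> str:
    """Incorrect for attributes: escapes &, <, > but leaves quotes as-is."""
    return html.escape(value, quote=False)


def encode_attribute(value: str) -> str:
    """Correct for a quoted attribute: also escapes " and '."""
    return html.escape(value, quote=True)


def render(recipient: str, encoder) -> str:
    """Place the encoded recipient into the hypothetical template."""
    return TEMPLATE.format(encoder(recipient))


class _InputAttrs(HTMLParser):
    """Collects the attributes of the first <input> element as parsed."""

    def __init__(self):
        super().__init__()
        self.attrs = None

    def handle_starttag(self, tag, attrs):
        if tag == "input" and self.attrs is None:
            self.attrs = dict(attrs)


def parsed_attributes(markup: str) -> dict:
    """Return the <input> attributes the way an HTML parser reads them."""
    parser = _InputAttrs()
    parser.feed(markup)
    parser.close()
    return parser.attrs or {}


def value_stays_in_attribute(recipient: str, encoder) -> bool:
    """True when the input ends up, unchanged, as the value attribute only."""
    attrs = parsed_attributes(render(recipient, encoder))
    return attrs == {"type": "text", "name": "recipient", "value": recipient}
```

A check like `value_stays_in_attribute` can serve as a regression test for every template that reflects a recipient address into an attribute.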
Exploit
XSS
Affected Products
Seppmail