PT-2022-15142 · Unknown · Php Mailform
Apple502J
·
Published
2022-02-08
·
Updated
2022-02-11
·
CVE-2022-21805
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
php mailform versions prior to 1.40
Description
A reflected cross-site scripting issue in the attached file name allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors.
Recommendations
For versions prior to 1.40, update to version 1.40 or later to resolve the issue. As a temporary workaround, consider restricting the ability to attach files or validating file names to prevent malicious input.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Php Mailform