CVE-2020-27509

Name of the Vulnerable Software and Affected Versions Galaxkey versions up to 5.6.11.5

Description The issue allows an attacker to perform an account takeover by intercepting the HTTP Post request when sending an email and injecting a specially crafted XSS payload in the subject field. The payload executes when the recipient logs into their mailbox.

Recommendations For Galaxkey versions up to 5.6.11.5, update to a version later than 5.6.11.5 to resolve the issue. As a temporary workaround, consider restricting access to the email client's subject field to minimize the risk of exploitation. Avoid using the subject field in emails until the issue is resolved.