PT-2023-26327 · Unknown · Superwebmailer

Florian Dewald +1 · Published 2023-10-20 · Updated 2023-10-27 · CVE-2023-38191

CVSS v3.1

6.1 Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

SuperWebMailer version 9.00.0.01710

Description

An issue was discovered in SuperWebMailer that allows spamtest external.php XSS via a crafted filename. The issue is related to the filename variable, which can be exploited to execute XSS attacks.

Recommendations

For SuperWebMailer version 9.00.0.01710, consider restricting access to the spamtest external.php file until a patch is available. As a temporary workaround, avoid using crafted filenames that could exploit the XSS vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Weakness Enumeration

Related Identifiers

CVE-2023-38191

Affected Products

Superwebmailer