PT-2024-12819 · Easyemail · Easyemail
Chuayupeng
·
Published
2024-02-08
·
Updated
2024-04-30
·
CVE-2023-39683
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
EasyEmail versions prior to 4.12.2
Description
A Cross Site Scripting (XSS) issue allows a local attacker to execute arbitrary code via the
user input parameter(s). The researcher claims this issue is present in all versions prior to and later than the tested version.Recommendations
For versions prior to 4.12.2, consider disabling the user input functionality until a patch is available.
As a temporary workaround, restrict access to the vulnerable parameter
user input parameter(s) to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this issue.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Easyemail