PT-2024-17385 · Surgemail · Surgemail

Alfredo Mariños (+2) · Published 2024-11-29 · Updated 2024-11-29 · CVE-2024-11990

CVSS v3.1: 4.6 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: SurgeMail version v78c2

Description: A Cross-Site Scripting (XSS) issue could allow an attacker to execute arbitrary JavaScript code via an elaborate payload injected into vulnerable parameters.

Recommendations: For SurgeMail version v78c2, consider disabling access to parameters that could be used to inject malicious JavaScript code until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Weakness Enumeration

Related Identifiers: CVE-2024-11990

Affected Products: Surgemail