CVE-2024-37392

Name of the Vulnerable Software and Affected Versions SMSEagle versions prior to 6.0

Description A stored Cross-Site Scripting (XSS) issue has been identified. The application did not properly sanitize user input in SMS messages in the inbox, allowing an attacker to inject malicious JavaScript code into an SMS message. This code gets executed when the SMS is viewed and specially interacted with in the web-GUI.

Recommendations For versions prior to 6.0, update to version 6.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the inbox feature in the web-GUI to minimize the risk of exploitation.