CVE-2024-55492

Name of the Vulnerable Software and Affected Versions Winmail Server version 4.4

Description The issue concerns a Cross Site Scripting (XSS) vulnerability. It involves the f user variable and a specific payload %22%3E%3Csvg%20onload. This type of attack can allow an attacker to inject malicious scripts into a website, potentially leading to unauthorized access or control of user sessions.

Recommendations For Winmail Server version 4.4, as a temporary workaround, consider restricting access to the f user variable until a patch is available. Avoid using the f user variable in sensitive operations to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.