A Cross-Site Scripting (XSS) vulnerability in SurgeMail... · CVE-2024-11990 · GitHub Advisory Database · GitHub

A Cross-Site Scripting (XSS) vulnerability in SurgeMail...

Moderate severity Unreviewed Published Nov 29, 2024 to the GitHub Advisory Database • Updated Nov 29, 2024

Package

No package listed— Suggest a package

Affected versions

Unknown

Patched versions

Unknown

Description

A Cross-Site Scripting (XSS) vulnerability in SurgeMail v78c2 could allow an attacker to execute arbitrary JavaScript code via an elaborate payload injected into vulnerable parameters.

References

Published by the National Vulnerability Database

Nov 29, 2024

Published to the GitHub Advisory Database Nov 29, 2024

Last updated Nov 29, 2024

Severity

Moderate

/ 10

CVSS v3 base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

Low

User interaction

Required

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N