HTML Injection in Securimage 3.6.4 and earlier allows remote attackers to inject arbitrary HTML into an e-mail message body via the $_SERVER['HTTP_USER_AGENT'] parameter to example_form.ajax.php or example_form.php.
References
Link | Resource |
---|---|
https://advisory.checkmarx.net/advisory/CX-2017-4223 | |
https://www.checkmarx.com/advisories/html-injection-securimage/ | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2017-11-18T01:00:00
Updated: 2021-03-30T22:37:29
Reserved: 2017-08-31T00:00:00
Link: CVE-2017-14077
JSON object: View
NVD Information
Status : Modified
Published: 2017-11-18T01:29:00.197
Modified: 2021-03-30T23:15:13.770
Link: CVE-2017-14077
JSON object: View
Redhat Information
No data.
CWE