A Cross-Site Script Inclusion vulnerability was found on LiquidFiles before 3.3.19. This client-side attack requires user interaction (opening a link) and successful exploitation could lead to encrypted e-mail content leakage via messages/sent?format=js and popup?format=js.
References
Link | Resource |
---|---|
https://lean0x2f.github.io/liquidfiles_advisory | Exploit Third Party Advisory |
https://man.liquidfiles.com/release_notes/version_3-3-x.html | Release Notes Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-11-25T02:47:47
Updated: 2020-11-25T02:47:47
Reserved: 2020-11-25T00:00:00
Link: CVE-2020-29072
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-11-25T03:15:11.097
Modified: 2022-06-28T14:11:45.273
Link: CVE-2020-29072
JSON object: View
Redhat Information
No data.
CWE