An HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4. An authenticated attacker can inject arbitrary HTML via a crafted email with HTML content in the Subject field.
References
Link | Resource |
---|---|
https://github.com/CERTCC/VINCE/issues?q=label%3Asecurity | Issue Tracking Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: certcc
Published: 2022-10-10T00:00:00
Updated: 2022-11-01T21:37:41.256Z
Reserved: 2022-09-08T00:00:00
Link: CVE-2022-40257
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-10-10T20:15:09.793
Modified: 2023-07-10T17:43:25.830
Link: CVE-2022-40257
JSON object: View
Redhat Information
No data.