interface/js/app/history.js in WebUI in Rspamd before 1.6.3 allows XSS via the Subject and Message-Id headers, which are mishandled in the history page.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2017-07-29T14:00:00Z
Updated: 2024-09-16T17:58:16.592Z
Reserved: 2017-07-29T00:00:00Z
Link: CVE-2017-11737
Vulnrichment
No data.
NVD
Status: Analyzed
Published: 2017-07-29T14:29:00.273
Modified: 2017-08-02T18:08:15.143
Link: CVE-2017-11737
Redhat
No data.