A stored Cross-Site Scripting (XSS) vulnerability has been identified in SMSEagle software versions before 6.0. The vulnerability arises because the application did not properly sanitize user input in SMS messages in the inbox. This could allow an attacker to inject malicious JavaScript code into an SMS message, which is executed when the SMS is viewed and interacted with in a particular way in the web GUI.
History

Tue, 03 Dec 2024 18:45:00 +0000


Tue, 03 Dec 2024 18:00:00 +0000


Thu, 12 Sep 2024 21:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Smseagle; Smseagle smseagle |
| Weaknesses | | CWE-79 |
| CPEs | | cpe:2.3:a:smseagle:smseagle:*:*:*:*:*:*:*:* |
| Vendors & Products | | Smseagle; Smseagle smseagle |
| Metrics | | cvssV3_1: {'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'} |


Mon, 26 Aug 2024 17:30:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Fri, 23 Aug 2024 21:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | A stored Cross-Site Scripting (XSS) vulnerability has been identified in SMSEagle software versions before 6.0. The vulnerability arises because the application did not properly sanitize user input in SMS messages in the inbox. This could allow an attacker to inject malicious JavaScript code into an SMS message, which is executed when the SMS is viewed and interacted with in a particular way in the web GUI. |
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-08-23T00:00:00

Updated: 2024-12-03T17:52:34.283933

Reserved: 2024-06-07T00:00:00

Link: CVE-2024-37392

Vulnrichment

Updated: 2024-08-26T16:39:29.684Z

NVD

Status: Modified

Published: 2024-08-23T21:15:07.253

Modified: 2024-12-03T18:15:13.410

Link: CVE-2024-37392

Redhat

No data.