A stored Cross-Site Scripting (XSS) vulnerability has been identified in SMSEagle software version < 6.0. The vulnerability arises because the application did not properly sanitize user input in the SMS messages in the inbox. This could allow an attacker to inject malicious JavaScript code into an SMS message, which gets executed when the SMS is viewed and specially interacted in web-GUI.
Metrics
Affected Vendors & Products
References
History
Tue, 03 Dec 2024 18:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Tue, 03 Dec 2024 18:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Thu, 12 Sep 2024 21:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Smseagle
Smseagle smseagle |
|
Weaknesses | CWE-79 | |
CPEs | cpe:2.3:a:smseagle:smseagle:*:*:*:*:*:*:*:* | |
Vendors & Products |
Smseagle
Smseagle smseagle |
|
Metrics |
cvssV3_1
|
Mon, 26 Aug 2024 17:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Fri, 23 Aug 2024 21:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A stored Cross-Site Scripting (XSS) vulnerability has been identified in SMSEagle software version < 6.0. The vulnerability arises because the application did not properly sanitize user input in the SMS messages in the inbox. This could allow an attacker to inject malicious JavaScript code into an SMS message, which gets executed when the SMS is viewed and specially interacted in web-GUI. | |
References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-08-23T00:00:00
Updated: 2024-12-03T17:52:34.283933
Reserved: 2024-06-07T00:00:00
Link: CVE-2024-37392
Vulnrichment
Updated: 2024-08-26T16:39:29.684Z
NVD
Status : Modified
Published: 2024-08-23T21:15:07.253
Modified: 2024-12-03T18:15:13.410
Link: CVE-2024-37392
Redhat
No data.