interface/js/app/history.js in WebUI in Rspamd before 1.6.3 allows XSS via the Subject and Message-Id headers, which are mishandled in the history page.
References
Link | Resource |
---|---|
https://github.com/vstakhov/rspamd/issues/1738 | Exploit Issue Tracking Third Party Advisory |
https://github.com/vstakhov/rspamd/releases/tag/1.6.3 | Release Notes Third Party Advisory |
Configurations
History
No history.
Information
Published : 2017-07-29 14:29
Updated : 2024-02-04 19:29
NVD link : CVE-2017-11737
Mitre link : CVE-2017-11737
CVE.ORG link : CVE-2017-11737
JSON object : View
Products Affected
rspamd_project
- rspamd
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')