A stored Cross-Site Scripting (XSS) vulnerability has been identified in SMSEagle software version < 6.0. The vulnerability arises because the application did not properly sanitize user input in the SMS messages in the inbox. This could allow an attacker to inject malicious JavaScript code into an SMS message, which gets executed when the SMS is viewed and specially interacted in web-GUI.
References
Link | Resource |
---|---|
https://www.smseagle.eu/2024/08/21/resolved-xss-in-smseagle-software-cve-2024-37392/ | Vendor Advisory |
Configurations
History
12 Sep 2024, 20:41
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
CWE | CWE-79 | |
First Time |
Smseagle
Smseagle smseagle |
|
CPE | cpe:2.3:a:smseagle:smseagle:*:*:*:*:*:*:*:* | |
References | () https://www.smseagle.eu/2024/08/21/resolved-xss-in-smseagle-software-cve-2024-37392/ - Vendor Advisory |
26 Aug 2024, 12:47
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
23 Aug 2024, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-08-23 21:15
Updated : 2024-10-27 14:35
NVD link : CVE-2024-37392
Mitre link : CVE-2024-37392
CVE.ORG link : CVE-2024-37392
JSON object : View
Products Affected
smseagle
- smseagle
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')