CVE-2023-39683

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Feb 9, 2024

Updated: Apr 30, 2024

CWE ID 79

Summary

CVE-2023-39683 is a Cross-Site Scripting (XSS) vulnerability identified in EasyEmail version 4.12.2 and older. This issue allows a local attacker to inject and execute malicious scripts through user input parameters. The impact extends to all versions of EasyEmail, as per the researcher's claim. An attacker can exploit this vulnerability to steal sensitive data, manipulate web pages, or launch further attacks. Users are advised to upgrade to the latest patched version or apply appropriate mitigations to protect against this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sP2Ui2
https://www.cve.org/CVERecord?id=CVE-2023-39683
https://nvd.nist.gov/vuln/detail/CVE-2023-39683

Back to Vulnerability Database

CVE-2023-39683

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations