CVE-2024-37392

A stored Cross-Site Scripting (XSS) vulnerability has been identified in SMSEagle software version < 6.0. The vulnerability arises because the application did not properly sanitize user input in the SMS messages in the inbox. This could allow an attacker to inject malicious JavaScript code into an SMS message, which gets executed when the SMS is viewed and specially interacted in web-GUI.
Configurations

Configuration 1 (hide)

cpe:2.3:a:smseagle:smseagle:*:*:*:*:*:*:*:*

History

12 Sep 2024, 20:41

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1
CPE cpe:2.3:a:smseagle:smseagle:*:*:*:*:*:*:*:*
CWE CWE-79
References () https://www.smseagle.eu/2024/08/21/resolved-xss-in-smseagle-software-cve-2024-37392/ - () https://www.smseagle.eu/2024/08/21/resolved-xss-in-smseagle-software-cve-2024-37392/ - Vendor Advisory
First Time Smseagle
Smseagle smseagle

26 Aug 2024, 12:47

Type Values Removed Values Added
Summary
  • (es) Se ha identificado una vulnerabilidad de Cross-Site Scripting (XSS) almacenado en la versión del software SMSEagle &lt; 6.0. La vulnerabilidad surge porque la aplicación no desinfectó adecuadamente la entrada del usuario en los mensajes SMS en la bandeja de entrada. Esto podría permitir a un atacante inyectar código JavaScript malicioso en un mensaje SMS, que se ejecuta cuando el SMS se ve y se interactúa especialmente en la GUI web.

23 Aug 2024, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-23 21:15

Updated : 2024-10-27 14:35


NVD link : CVE-2024-37392

Mitre link : CVE-2024-37392

CVE.ORG link : CVE-2024-37392


JSON object : View

Products Affected

smseagle

  • smseagle
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')