Description
Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 6.0a4 allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of an IFRAME element in the body of an HTML e-mail message.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by loneferret · pythonwebappswindows
https://www.exploit-db.com/exploits/20363
References (1)
Core 1
Core References
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/20363/
Scores
EPSS
0.0039
EPSS Percentile
59.8%
Details
CWE
CWE-79
Status
published
Products (1)
netwin/surgemail
6.0 a4
Published
Sep 17, 2012
Tracked Since
Feb 18, 2026