CVE-2017-14077
MEDIUM
Securimage < 3.6.4 - HTML Injection via HTTP_USER_AGENT Parameter
Title source: llm
Description
HTML Injection in Securimage 3.6.4 and earlier allows remote attackers to inject arbitrary HTML into an e-mail message body via the $_SERVER['HTTP_USER_AGENT'] parameter to example_form.ajax.php or example_form.php.
References (2)
Core References
Exploit, Third Party Advisory x_refsource_misc
https://www.checkmarx.com/advisories/html-injection-securimage/
Vendor Advisory x_refsource_misc
https://advisory.checkmarx.net/advisory/CX-2017-4223
Scores
CVSS v3
6.1
EPSS
0.0081
EPSS Percentile
52.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-94
Status
published
Products (2)
dapphp/securimage
0 - 3.6.6 (Packagist)
phpcaptcha/securimage
< 3.6.4
Published
Nov 18, 2017
Tracked Since
Feb 18, 2026