CVE-2019-13392

MEDIUM NUCLEI

Mindpalette Natemail - XSS

Title source: rule

Description

A reflected Cross-Site Scripting (XSS) vulnerability in MindPalette NateMail 3.0.15 allows an attacker to execute remote JavaScript in a victim's browser via a specially crafted POST request. The application will reflect the recipient value if it is not in the NateMail recipient array. Note that this array is keyed via integers by default, so any string input will be invalid.

Nuclei Templates (1)

MindPalette NateMail 3.0.15 - Cross-Site Scripting

MEDIUMby pikpikcu

References (3)

[Product] https://mindpalette.com/tag/natemail/

[Not Applicable] https://twitter.com/mindpalette

[Exploit, Third Party Advisory] https://www.doyler.net/security-not-included/natemail-vulnerabilities

Scores

CVSS v3 6.1

EPSS 0.1088

EPSS Percentile 93.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

mindpalette/natemail 3.0.15

Published Oct 16, 2019

Tracked Since Feb 18, 2026