CVE-2024-11990

MEDIUM

SurgeMail 78c2 - Cross-Site Scripting via Vulnerable Parameters

Title source: llm
STIX 2.1

Description

A Cross-Site Scripting (XSS) vulnerability in SurgeMail v78c2 could allow an attacker to execute arbitrary JavaScript code via an elaborate payload injected into vulnerable parameters.

Scores

CVSS v3 4.6
EPSS 0.0027
EPSS Percentile 18.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact partial

Details

CWE
CWE-79
Status published
Products (1)
NetWin/SurgeMail 78c2
Published Nov 29, 2024
Tracked Since Feb 18, 2026