CVE-2026-3610

MEDIUM

HSC Cybersecurity Mailinspector <5.3.2-3 - XSS

Title source: llm

Description

A vulnerability was found in HSC Cybersecurity Mailinspector up to 5.3.2-3. Affected by this issue is some unknown functionality of the file /mailinspector/mliUserValidation.php of the component URL Handler. The manipulation of the argument error_description results in cross site scripting. The attack may be performed from remote. The exploit has been made public and could be used. Upgrading to version 5.4.0 can resolve this issue. You should upgrade the affected component. The vendor was contacted early and responded very professional: "We have already implemented the fix and made a hotfix available to affected customers, ensuring mitigation while the official release 5.4.0 has not yet been published. This allows customers to address the issue immediately, outside the regular release cycle."

References (4)

Core 4

Core References

Permissions Required, VDB Entry vdb-entry technical-description

https://vuldb.com/?id.349219

Permissions Required, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.349219

Permissions Required, VDB Entry third-party-advisory

https://vuldb.com/?submit.748710

Various Sources broken-link exploit

https://docs.google.com/document/d/1KI2SIDcVm5U3Yzo5tNT5YOwREQWe_5BJaWe-ctRmLoI/edit?usp=sharing

Scores

CVSS v3 4.3

EPSS 0.0027

EPSS Percentile 18.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-79 CWE-94

Status published

Products (2)

HSC Cybersecurity/Mailinspector 5.3.2-3

HSC Cybersecurity/Mailinspector 5.4.0

Published Mar 06, 2026

Tracked Since Mar 06, 2026