HTML Injection in Securimage prior to 3.6.6 allows remote attackers to inject arbitrary HTML into an e-mail message body via the $_SERVER['HTTP_USER_AGENT']
parameter to example_form.ajax.php
or example_form.php
.
{ "nvd_published_at": "2017-11-18T01:29:00Z", "cwe_ids": [ "CWE-94" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-04-23T17:14:29Z" }