CVE-2016-4803

2016-06-30T17:59:00
ID CVE-2016-4803
Type cve
Reporter cve@mitre.org
Modified 2016-11-28T20:21:00

Description

CRLF injection vulnerability in the send email functionality in dotCMS before 3.3.2 allows remote attackers to inject arbitrary email headers via CRLF sequences in the subject.

CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection') (https://cwe.mitre.org/data/definitions/93.html)