CVE-2020-29072

2020-11-2502:47:47

mitre

www.cve.org

cross-site script inclusion

liquidfiles 3.3.19

client-side attack

encrypted email leakage

AI Score

6.1

Confidence

High

EPSS

0.001

Percentile

44.6%

JSON

A Cross-Site Script Inclusion vulnerability was found on LiquidFiles before 3.3.19. This client-side attack requires user interaction (opening a link) and successful exploitation could lead to encrypted e-mail content leakage via messages/sent?format=js and popup?format=js.