Cross site scripting

2022-07-2622:15:00

PRIOn knowledge base

www.prio-n.com

inmailx

outlook

plugin

xss

vulnerability

cross site scripting

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.0%

JSON

InMailX Outlook Plugin < 3.22.0101 is vulnerable to Cross Site Scripting (XSS). InMailX Connection names are not sanitzed in the Outlook tab, which allows a local user or network administrator to execute HTML / Javascript in the Outlook of users.

CPENameOperatorVersion
inmailxge3.21.0601
inmailxlt3.22.0101

CPE	Name	Operator	Version
	inmailx	ge	3.21.0601
	inmailx	lt	3.22.0101

References

www.inmailx.com/products/inmailx

gist.github.com/TheWorkingDeveloper/9b7afbfe56938294480f7613805d3b7f