3 matches found
CVE-2019-17123
The eGain Web Email API 11+ allows spoofed messages because the fromName and message fields to /system/ws/v11/ss/email are mishandled, as demonstrated by fromName header injection with a %0a or %0d character. Also, the message parameter can have initial HTML comment characters...
CVE-2019-17123
creationtimestamp| type| source ---|---|--- 2019-12-15 21:55:05+00:00| seen| https://t.me/canyoupwnme/6187 2024-03-12 08:12:28+00:00| seen| https://t.me/ctinow/205358...
CVE-2019-17123
The CVE-2019-17123 entry concerns the eGain Web Email API 11+ where spoofed messages are possible due to improper handling of the fromName and message fields used in /system/ws/v11/ss/email. The root cause is mishandling of fromName with header injection via %0a/%0d and the message parameter allo...