Security Advisory

CVE-2019-17123

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2019-12-13 17:54:27

Last updated 2024-08-05 01:33:16

Assigner mitre

State PUBLISHED

Description

The eGain Web Email API 11+ allows spoofed messages because the fromName and message fields (to /system/ws/v11/ss/email) are mishandled, as demonstrated by fromName header injection with a %0a or %0d character. (Also, the message parameter can have initial HTML comment characters.)

← Browse all CVEs View on cve.org ↗