2017-11-18 01:00:00
mitre
PUBLISHED
HTML Injection in Securimage 3.6.4 and earlier allows remote attackers to inject arbitrary HTML into an e-mail message body via the $_SERVER[HTTP_USER_AGENT] parameter to example_form.ajax.php or example_form.php.