First published: Thu Jul 20 2017
Last updated 24 July 2024
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
composer/phpmailer/phpmailer | >=5.0.0<5.2.24 | 5.2.24 |
Phpmailer Project Phpmailer | =5.2.23 | |
debian/libphp-phpmailer | 6.2.0-2 6.6.3-1 6.9.1-1 |
The severity of CVE-2017-11503 is medium with a CVSS score of 6.1.
PHPMailer 5.2.23 and libphp-phpmailer versions 5.2.14+dfsg-2.3+, 5.2.24, 5.2.14+dfsg-1ubuntu0.1~, 6.0.6-0.1, 6.2.0-2, and 6.6.3-1 are affected by CVE-2017-11503.
CVE-2017-11503 is an XSS vulnerability in the "From Email Address" and "To Email Address" fields of code_generator.php in PHPMailer 5.2.23.
To fix the CVE-2017-11503 vulnerability, update PHPMailer to version 5.2.24 or higher.
More information about CVE-2017-11503 can be found at the following references: [GitHub](https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.24), [CVE Details](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11503), [CXSecurity](https://cxsecurity.com/issue/WLB-2017060181).