CVE-2017-11617: XSS
First published: Tue Jul 25 2017(Updated: )
Cross-site scripting (XSS) vulnerability in atmail prior to version 7.8.0.2 allows remote attackers to inject arbitrary web script or HTML within the body of an email via an IMG element with both single quotes and double quotes.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Phlymail | <=7.8.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-11617?
CVE-2017-11617 is classified as a medium severity vulnerability due to the potential for cross-site scripting attacks.
How do I fix CVE-2017-11617?
To fix CVE-2017-11617, upgrade Atmail to version 7.8.0.2 or later, where the vulnerability has been resolved.
Who is affected by CVE-2017-11617?
CVE-2017-11617 affects users of Atmail versions prior to 7.8.0.2.
What type of vulnerability is CVE-2017-11617?
CVE-2017-11617 is a cross-site scripting (XSS) vulnerability that allows attackers to inject HTML or web script.
What can attackers achieve with CVE-2017-11617?
Attackers can exploit CVE-2017-11617 to execute arbitrary web scripts in the context of a victim's browser when they view an affected email.
- agent/type
- agent/references
- agent/severity
- agent/description
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/weakness
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/atmail
- canonical/phlymail
- version/phlymail/7.8.0.1