Description
InMailX Outlook Plugin < 3.22.0101 is vulnerable to Cross Site Scripting (XSS). InMailX Connection names are not sanitzed in the Outlook tab, which allows a local user or network administrator to execute HTML / Javascript in the Outlook of users.
References
http://www.inmailx.com/products/inmailx
ProductVendor Advisory
https://gist.github.com/TheWorkingDeveloper/9b7afbfe56938294480f7613805d3b7f
ExploitThird Party Advisory
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 · Medium
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Analyzed
Published
2022-07-26T22:15:10.753
2 years agoLast modified
2022-08-02T19:42:52.900
2 years ago