CVE-2023-39683
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
09/02/2024
Last modified:
15/05/2025
Description
Cross Site Scripting (XSS) vulnerability in EasyEmail v.4.12.2 and before allows a local attacker to execute arbitrary code via the user input parameter(s). NOTE: Researcher claims issue is present in all versions prior and later than tested version.
Impact
Base Score 3.x
6.10
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:zalify:easy_email:*:*:*:*:*:node.js:*:* | 4.12.2 (including) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://github.com/zalify/easy-email/issues/321
- https://github.com/zalify/easy-email/issues/373
- https://medium.com/%40vificatem/cve-2023-39683-dom-xss-on-json-source-code-panel-in-zalify-easy-email-3fa08f3e0d49
- https://github.com/zalify/easy-email/issues/321
- https://github.com/zalify/easy-email/issues/373
- https://medium.com/%40vificatem/cve-2023-39683-dom-xss-on-json-source-code-panel-in-zalify-easy-email-3fa08f3e0d49