Persistent XSS in Galaxkey Secure Mail Client in Galaxkey up to 5.6.11.5 allows an attacker to perform an account takeover by intercepting the HTTP POST request when sending an email and injecting a specially crafted XSS payload in the 'subject' field. The payload executes when the recipient logs into their mailbox.
History
07 Nov 2023, 03:20
Type | Values Removed | Values Added |
---|---|---|
References | | |
01 Jul 2022, 13:51
Type | Values Removed | Values Added |
---|---|---|
First Time | Galaxkey, Galaxkey galaxkey | |
CPE | cpe:2.3:a:galaxkey:galaxkey:*:*:*:*:*:*:*:* | |
References | (MISC) http://galaxkey.com - Product | |
References | (MISC) https://medium.com/@tomhulme_74888/persistent-cross-site-scripting-leading-to-full-account-takeover-on-galaxkey-v5-6-11-4-8bf96be35b54 - Exploit, Third Party Advisory | |
CWE | CWE-79 | |
CVSS | v2 : v3 : | v2 : 3.5, v3 : 5.4 |
26 Jun 2022, 13:15
Type | Values Removed | Values Added |
---|---|---|
New CVE | | |
Information
Published : 2022-06-26 13:15
Updated : 2023-12-10 14:22
NVD link : CVE-2020-27509
Mitre link : CVE-2020-27509
CVE.ORG link : CVE-2020-27509
Products Affected
galaxkey
- galaxkey
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')