CVE-2017-11503 — Cross-site Scripting in Phpmailer

CWE-79 — Cross-site Scripting13 documents7 sources

Severity

6.1MEDIUMNVD

OSV9.8

EPSS

2.2%

top 15.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpmailer Phpmailer Project Phpmailer

Timeline

PublishedJul 20

Latest updateMar 15

Description

PHPMailer 5.2.23 has XSS in the "From Email Address" and "To Email Address" fields of code_generator.php.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶Packagistphpmailer/phpmailer5.0.0 — 5.2.24

▶NVDphpmailer_project/phpmailer5.2.23

Patches

Patch: github.com ↗

🔴Vulnerability Details

OSV

libphp-phpmailer vulnerability↗2023-03-15

▶

OSV

libphp-phpmailer vulnerabilities↗2023-03-15

▶

GHSA

Cross-site scripting in PHPMailer↗2020-03-05

▶

OSV

Cross-site scripting in PHPMailer↗2020-03-05

▶

OSV

CVE-2017-11503: PHPMailer 5↗2017-07-20

▶

📋Vendor Advisories

Ubuntu

PHPMailer vulnerabilities↗2023-03-15

▶

Ubuntu

PHPMailer vulnerability↗2023-03-15

▶

Debian

CVE-2017-11503: libphp-phpmailer - PHPMailer 5.2.23 has XSS in the "From Email Address" and "To Email Address" fiel...↗2017

▶

💬Community

Bugzilla

CVE-2017-11503 phpmailer: XSS in code_generator.php↗2017-07-24

▶

Bugzilla

CVE-2017-11503 php-PHPMailer: phpmailer: XSS in code_generator.php [fedora-all]↗2017-07-24

▶

Bugzilla

CVE-2017-11503 php-PHPMailer: phpmailer: XSS in code_generator.php [epel-all]↗2017-07-24

▶