CVE-2024-55492 — Winmail Server 4.4 is vulnerable to f_user=%22%3E%3Csvg%20onload Cross Site Scri... | CVE Daily

Medium CVSS 6.1

Overview

Winmail Server 4.4 is vulnerable to f_user=%22%3E%3Csvg%20onload Cross Site Scripting (XSS).

CWE: CWE-79 Published: 2024-12-18T17:15:14.400

Risk analysis

This vulnerability is rated 🟡 MEDIUM.

CVSS: 6.1 (MEDIUM)
Detected tags: xss (tag impact: MODERATE)

Recommended actions:

Apply context-aware output encoding.
Enable Content-Security-Policy and HttpOnly/SameSite cookies.

Recommended tools

Tags

Cross-site Scripting (XSS)