AI Score confidence: High
EPSS percentile: 57.2%
HTML Injection in Securimage prior to 3.6.6 allows remote attackers to inject arbitrary HTML into an e-mail message body via the $_SERVER['HTTP_USER_AGENT'] parameter to example_form.ajax.php or example_form.php.
advisory.checkmarx.net/advisory/CX-2017-4223
github.com/dapphp/securimage
github.com/dapphp/securimage/commit/2c7ce3f6fa5ab86fd0ac8e3b4d5d72a21329d8ea
nvd.nist.gov/vuln/detail/CVE-2017-14077
www.checkmarx.com/advisories/html-injection-securimage