Description

A stored Cross-Site Scripting (XSS) vulnerability has been identified in SMSEagle software version < 6.0. The vulnerability arises because the application did not properly sanitize user input in the SMS messages in the inbox. This could allow an attacker to inject malicious JavaScript code into an SMS message, which gets executed when the SMS is viewed and specially interacted in web-GUI.

INFO

Published Date :

2024-08-23T00:00:00.000Z

Last Modified :

2025-03-20T13:42:50.377Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2024-37392 vulnerability.

Vendors Products
Smseagle
  • Smseagle
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-37392.

URL Resource
https://www.smseagle.eu/security-advisory/resolved-xss-in-smseagle-software-cve-2024-37392/ cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact