Showing 1 - 2 of 2

CVE-2017-11503

Status Candidate

Overview

PHPMailer 5.2.23 has XSS in the "From Email Address" and "To Email Address" fields of code_generator.php.

Ubuntu Security Notice USN-5956-1: Posted Mar 16, 2023; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 5956-1 - Dawid Golunski discovered that PHPMailer was not properly escaping user input data used as arguments to functions executed by the system shell. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 ESM. It was discovered that PHPMailer was not properly escaping characters in certain fields of the code_generator.php example code. An attacker could possibly use this issue to conduct cross-site scripting attacks. This issue was only fixed in Ubuntu 16.04 ESM and Ubuntu 18.04 ESM.; tags | advisory, arbitrary, shell, php, xss; systems | linux, ubuntu; advisories | CVE-2016-10033, CVE-2017-11503, CVE-2017-5223, CVE-2018-19296, CVE-2020-13625, CVE-2021-3603; SHA-256 | 222714e4ee696b2603d69df38c77117f2e5b2027b932d6a069bca47f30bd053c; Download | Favorite | View

Ubuntu Security Notice USN-5956-2: Posted Mar 16, 2023; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 5956-2 - USN-5956-1 fixed vulnerabilities in PHPMailer. It was discovered that the fix for CVE-2017-11503 was incomplete. This update fixes the problem. Dawid Golunski discovered that PHPMailer was not properly escaping user input data used as arguments to functions executed by the system shell. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 ESM.; tags | advisory, arbitrary, shell, vulnerability; systems | linux, ubuntu; advisories | CVE-2017-11503, CVE-2017-5223, CVE-2018-19296, CVE-2020-13625, CVE-2021-3603; SHA-256 | 80b3365b80c510d9ed0f8f67ed3b629ab7b2e844952fb217a7a549d591be9150; Download | Favorite | View

Page 1 of 1 Back 1 Next