Submit #822923: Mettle sendportal v3.0.1 Cross Site Scriptinginfo

TitelMettle sendportal v3.0.1 Cross Site Scripting
BeschreibungA Stored Cross-Site Scripting (XSS) vulnerability exists in the campaign content rendering functionality. An authenticated user can inject arbitrary JavaScript into the content field, which is later rendered without sanitization using Laravel Blade’s {!! !!} directive. This results in execution of attacker-controlled JavaScript when: The campaign preview page is opened The public webview link (/webview/{hash}) is accessed
Quelle⚠️ https://github.com/mettle/sendportal/issues/338
Benutzer
 B1scuit (UID 97177)
Einreichung08.05.2026 07:49 (vor 28 Tagen)
Moderieren31.05.2026 10:14 (23 days later)
StatusAkzeptiert
VulDB Eintrag367513 [Mettle sendportal bis 3.0.1 Campaign /webview/ content Cross Site Scripting]
Punkte20

ZurückÜbersichtWeiter

Do you know our Splunk app?

Download it now for free!