| Title | Mettle sendportal v3.0.1 Cross Site Scripting |
|---|---|
| Description | A Stored Cross-Site Scripting (XSS) vulnerability exists in the campaign content rendering functionality. An authenticated user can inject arbitrary JavaScript into the content field, which is later rendered without sanitization using Laravel Blade's `{!! !!}` directive. This results in execution of attacker-controlled JavaScript when the campaign preview page is opened or when the public webview link (`/webview/{hash}`) is accessed. |
| Source | https://github.com/mettle/sendportal/issues/338 |
| User | B1scuit (UID 97177) |
| Submission | 08/05/2026 07:49 AM (28 days ago) |
| Moderation | 31/05/2026 10:14 AM (23 days later) |
| Status | Accepted |
| VulDB Entry | 367513 [Mettle sendportal up to 3.0.1 Campaign /webview/ content cross site scripting] |
| Points | 20 |