| Title | Mettle sendportal v3.0.1 Cross Site Scripting |
|---|---|
| Description | A Stored Cross-Site Scripting (XSS) vulnerability exists in the campaign content rendering functionality. An authenticated user can inject arbitrary JavaScript into the content field, which is later rendered without sanitization using Laravel Blade's `{!! !!}` directive. This results in execution of attacker-controlled JavaScript when the campaign preview page is opened or the public webview link (`/webview/{hash}`) is accessed. |
| Source | https://github.com/mettle/sendportal/issues/338 |
| User | B1scuit (UID 97177) |
| Submission | 2026-05-08 07:49 AM (29 days ago) |
| Moderation | 2026-05-31 10:14 AM (23 days later) |
| Status | Accepted |
| VulDB entry | 367513 [Mettle sendportal up to 3.0.1 Campaign /webview/ content cross site scripting] |
| Points | 20 |