Отправить #822923: Mettle sendportal v3.0.1 Cross Site ScriptingИнформация

НазваниеMettle sendportal v3.0.1 Cross Site Scripting
ОписаниеA Stored Cross-Site Scripting (XSS) vulnerability exists in the campaign content rendering functionality. An authenticated user can inject arbitrary JavaScript into the content field, which is later rendered without sanitization using Laravel Blade’s {!! !!} directive. This results in execution of attacker-controlled JavaScript when: The campaign preview page is opened The public webview link (/webview/{hash}) is accessed
Источник⚠️ https://github.com/mettle/sendportal/issues/338
Пользователь
 B1scuit (UID 97177)
Представление08.05.2026 07:49 (1 месяц назад)
Модерация31.05.2026 10:14 (23 days later)
Статуспринято
Запись VulDB367513 [Mettle sendportal до 3.0.1 Campaign /webview/ content межсайтовый скриптинг]
Баллы20

ПредыдущийОбзорДалее

Want to know what is going to be exploited?

We predict KEV entries!