CVE-2019-13392 Scanner
CVE-2019-13392 scanner - Cross-Site Scripting (XSS) vulnerability in MindPalette NateMail
Short Info
Level
Medium
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 seconds
Time Interval
1 month 1 day
Scan only one
Domain, IPv4
Toolbox
-
MindPalette NateMail is an email marketing platform designed for businesses that want to create and send newsletters to customers. It allows users to customize their newsletters with templates, images, and text to best showcase their product or service. With the ability to track open and click rates, MindPalette NateMail helps businesses measure the success of their email marketing campaigns.
CVE-2019-13392 is a reflected Cross-Site Scripting (XSS) vulnerability recently found in MindPalette NateMail 3.0.15. This vulnerability allows an attacker to execute remote JavaScript through a specially crafted POST request in a victim's browser. If the recipient value is not in the NateMail recipient array, the application will reflect it, opening up the possibility for attackers to inject malicious code.
The consequences of this vulnerability can be severe, as attackers can take control of a user's browser and potentially steal sensitive information. They could also use the vulnerability to carry out phishing attacks, posing as a legitimate source and tricking the user into providing personal information.
Those who read this article can benefit from the pro features of the s4e.io platform. By using this platform, users can quickly and easily identify vulnerabilities in their digital assets and take steps to address them. This service is especially valuable for small businesses or individuals who may not have the resources to hire a dedicated security team. With s4e.io, anyone can have peace of mind knowing their digital assets are secure.
REFERENCES