S4E

CVE-2019-13392 Scanner

CVE-2019-13392 scanner - Cross-Site Scripting (XSS) vulnerability in MindPalette NateMail

Short Info

Level: Medium
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 month 1 day
Scan only one: Domain, IPv4
Toolbox: -

MindPalette NateMail is an email marketing platform designed for businesses that want to create and send newsletters to customers. It allows users to customize their newsletters with templates, images, and text to best showcase their product or service. With the ability to track open and click rates, MindPalette NateMail helps businesses measure the success of their email marketing campaigns.

CVE-2019-13392 is a reflected Cross-Site Scripting (XSS) vulnerability recently found in MindPalette NateMail 3.0.15. It allows an attacker to execute JavaScript in a victim's browser through a specially crafted POST request. If the recipient value is not in the NateMail recipient array, the application reflects it back in the response, which lets an attacker inject malicious code.
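The reflection pattern described above, as an added illustration that is not NateMail's code: a hypothetical handler that echoes an unknown `recipient` value into its error page, next to a version that HTML-encodes the value first. `RECIPIENTS`, `handle_post`, the error text and the probe string are all assumptions made for this example.

```python
import html

# Hypothetical stand-in for the form's configured recipient array.
RECIPIENTS = {"0": "sales@example.com", "1": "support@example.com"}

# Constructed, harmless probe: inert markup with a unique marker.
PROBE = "<i>probe-7f3a</i>"


def render_error_vulnerable(recipient: str) -> str:
    """Echo the submitted value straight into the HTML error page."""
    return f"<p>Unknown recipient: {recipient}</p>"


def render_error_hardened(recipient: str) -> str:
    """HTML-encode the value (and cap its length) before echoing it."""
    return f"<p>Unknown recipient: {html.escape(recipient[:64], quote=True)}</p>"


def handle_post(form: dict, render_error) -> tuple[int, str]:
    """Accept only keys of RECIPIENTS; anything else yields an error page."""
    recipient = form.get("recipient", "")
    if recipient in RECIPIENTS:
        return 200, "<p>Message sent.</p>"
    return 400, render_error(recipient)


def reflects_unencoded(render_error, probe: str = PROBE) -> bool:
    """Defender's check: does the probe come back with its markup intact?"""
    _, body = handle_post({"recipient": probe}, render_error)
    return probe in body


if __name__ == "__main__":
    for name, fn in [("vulnerable", render_error_vulnerable),
                     ("hardened", render_error_hardened)]:
        print(f"{name}: reflects unencoded markup = {reflects_unencoded(fn)}")
```

The same probe-and-compare check can be pointed at a staging copy of a form handler to confirm that a fix encodes the value rather than merely filtering particular tags.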

The consequences of this vulnerability can be severe, as attackers can take control of a user's browser and potentially steal sensitive information. They could also use the vulnerability to carry out phishing attacks, posing as a legitimate source and tricking the user into providing personal information.

Those who read this article can benefit from the pro features of the s4e.io platform. By using this platform, users can quickly and easily identify vulnerabilities in their digital assets and take steps to address them. This service is especially valuable for small businesses or individuals who may not have the resources to hire a dedicated security team. With s4e.io, anyone can have peace of mind knowing their digital assets are secure.

 
