vendor:
SendStudio (Email Marketer)
by:
5.5
CVSS
MEDIUM
Cross-Site Scripting, Security Bypass
79 (XSS), 287 (Security Bypass)
CWE
Product Name: SendStudio (Email Marketer)
Affected Version From:
Affected Version To:
Patch Exists:
Related CWE:
CPE:
Platforms Tested:
Cross-Site Scripting and Security Bypass in SendStudio (Email Marketer)
An attacker can execute arbitrary script code in the browser of an unsuspecting user, steal cookie-based authentication credentials, and gain unauthorized administrative access to the affected application.
Mitigation:
Implement input validation and output encoding to prevent XSS attacks. Implement proper authentication and authorization mechanisms to prevent security bypass.