MEDIUM🇬🇧 English

CVE-2023-4393

CVSS 5.4v3.1pub. 2023-10-30upd. 2024-11-21

HTML and SMTP injections on the registration page of LiquidFiles versions 3.7.13 and below, allow an attacker to perform more advanced phishing attacks against an organization.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
  • Liquidfiles

    APP
    Liquidfiles
    < 3.7.14
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XSS
CWE
Referencje

Powiązane podatności

CVE-2025-46093CRITICAL9.9PL ✓ten sam produkt

RCE jako root w LiquidFiles — FTP SITE CHMOD z setuid/setgid

CVE-2020-29071CRITICAL9.0ten sam produkt

An XSS issue was found in the Shares feature of LiquidFiles before 3.3.19. The issue arises from the insecure ...

CVE-2025-56132HIGH7.3ten sam produkt

LiquidFiles filetransfer server is vulnerable to a user enumeration issue in its password reset functionality....

CVE-2021-43397HIGH8.8ten sam produkt

LiquidFiles before 3.6.3 allows remote attackers to elevate their privileges from Admin (or User Admin) to Sys...

CVE-2021-30140MEDIUM5.4ten sam produkt

LiquidFiles 3.4.15 has stored XSS through the "send email" functionality when sending a file via email to an a...