Arbitrary Web Script Injection in Aryanic HighMail (High CMS) LoginForm

Arbitrary Web Script Injection in Aryanic HighMail (High CMS) LoginForm

CVE-2020-23517 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Cross Site Scripting (XSS) vulnerability in Aryanic HighMail (High CMS) versions 2020 and before allows remote attackers to inject arbitrary web script or HTML, via 'user' to LoginForm.

Learn more about our Web App Pen Testing.