CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-14077

HTML Injection in Securimage 3.6.4 and earlier allows remote attackers to inject arbitrary HTML into an e-mail message body via the $_SERVER['HTTP_USER_AGENT'] parameter to example_form.ajax.php or example_form.php.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 46.3%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

Products affected by CVE-2017-14077

Phpcaptcha » Securimage » Version: 2.0

cpe:2.3:a:phpcaptcha:securimage:2.0
Phpcaptcha » Securimage » Version: 2.0.2

cpe:2.3:a:phpcaptcha:securimage:2.0.2
Phpcaptcha » Securimage » Version: 3.0

cpe:2.3:a:phpcaptcha:securimage:3.0
Phpcaptcha » Securimage » Version: 3.2

cpe:2.3:a:phpcaptcha:securimage:3.2
Phpcaptcha » Securimage » Version: 3.5

cpe:2.3:a:phpcaptcha:securimage:3.5
Phpcaptcha » Securimage » Version: 3.5.2

cpe:2.3:a:phpcaptcha:securimage:3.5.2
Phpcaptcha » Securimage » Version: 3.5.4

cpe:2.3:a:phpcaptcha:securimage:3.5.4
Phpcaptcha » Securimage » Version: 3.6

cpe:2.3:a:phpcaptcha:securimage:3.6
Phpcaptcha » Securimage » Version: 3.6.1

cpe:2.3:a:phpcaptcha:securimage:3.6.1
Phpcaptcha » Securimage » Version: 3.6.2

cpe:2.3:a:phpcaptcha:securimage:3.6.2
Phpcaptcha » Securimage » Version: 3.6.3

cpe:2.3:a:phpcaptcha:securimage:3.6.3
Phpcaptcha » Securimage » Version: 3.6.4

cpe:2.3:a:phpcaptcha:securimage:3.6.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-14077

Products

Pricing

Contact Us