Description

CRLF injection vulnerability in the send email functionality in dotCMS before 3.3.2 allows remote attackers to inject arbitrary email headers via CRLF sequences in the subject.

Remediation

References

CVE-2016-4803

Related Vulnerabilities

Python Incorrect Conversion between Numeric Types Vulnerability (CVE-2008-1721)

WordPress Plugin Simple Share Buttons Adder Cross-Site Scripting (5.6)

MongoDb Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4650)

WordPress Improper Access Control Vulnerability (CVE-2015-5623)

Internet Information Services Other Vulnerability (CVE-2001-0336)

Severity

High

Classification

CVE-2016-4803 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities