XSS vulnerability on email template preview page
Package
Affected versions
>= 3.1.0, < 3.1.21
>= 4.1.0, < 4.1.14
>= 4.2.0, < 4.2.8
Patched versions
3.1.21
4.1.14
4.2.8
Description
Reviewed
Jan 4, 2022
Published by the National Vulnerability Database
Jan 4, 2022
Published to the GitHub Advisory Database
Jan 6, 2022
Last updated
Feb 3, 2023
Summary
The email template preview is vulnerable to an XSS payload added to email template content. The attacker must have permission to create or edit an email template. For the payload to execute, the attacked user must preview the vulnerable email template.
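Because the payload has to be stored in template content before anyone previews it, stored templates can be audited for script-capable markup. The sketch below is an added example, not code from the advisory or the affected project, and it does not fix the preview page; `audit_template`, the tag list and the sample templates are constructed for illustration.

```python
from html.parser import HTMLParser

# Elements that can run script or load active content when a preview renders.
ACTIVE_TAGS = {"script", "iframe", "object", "embed", "base"}
# Attributes whose value is a URL the browser may load or navigate to.
URL_ATTRS = {"href", "src", "action", "formaction", "xlink:href"}
BAD_SCHEMES = ("javascript:", "vbscript:", "data:text/html")


class TemplateAudit(HTMLParser):
    """Collects (line, reason) for markup that could execute in a preview."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases names and decodes entities in attribute values.
        line, _ = self.getpos()
        if tag in ACTIVE_TAGS:
            self.findings.append((line, f"<{tag}> element"))
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append((line, f"event handler attribute {name}"))
            elif name in URL_ATTRS and value:
                # Drop whitespace/control characters, which browsers tolerate
                # inside a scheme, before comparing.
                url = "".join(ch for ch in value if ch > " ").lower()
                if url.startswith(BAD_SCHEMES):
                    self.findings.append(
                        (line, f"{name} uses a script-capable URL scheme"))


def audit_template(name, html):
    """Return [(template name, line, reason)] for one template body."""
    parser = TemplateAudit()
    parser.feed(html)
    parser.close()
    return [(name, line, reason) for line, reason in parser.findings]


# Constructed sample templates (not taken from any real system).
SAMPLE_TEMPLATES = {
    "welcome": '<p>Hello</p>\n<a href="https://example.com/start">Start</a>',
    "invoice": '<p>Invoice</p>\n<img src="x.png" onerror="alert(1)">',
    "reminder": '<a href="jav&#x61;script:alert(1)">open</a>',
}

if __name__ == "__main__":
    for tpl_name, body in SAMPLE_TEMPLATES.items():
        for finding in audit_template(tpl_name, body):
            print(finding)
```

A finding is a prompt for manual review of who created or edited that template, not proof of compromise.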
Workarounds
There are no workarounds that address this vulnerability.
References