Medium severity 6.1 · NVD Advisory · Published Jul 20, 2017 · Updated May 13, 2026
CVE-2017-11503
Description
PHPMailer 5.2.23 has XSS in the "From Email Address" and "To Email Address" fields of code_generator.php.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| phpmailer/phpmailer (Packagist) | >= 5.0.0, < 5.2.24 | 5.2.24 |
Affected products
- cpe:2.3:a:phpmailer_project:phpmailer:5.2.23:*:*:*:*:*:*:*
References
- github.com/PHPMailer/PHPMailer/releases/tag/v5.2.24 (nvd: Patch, Release Notes, Third Party Advisory, WEB)
- cxsecurity.com/issue/WLB-2017060181 (nvd: Exploit, Third Party Advisory, WEB)
- packetstormsecurity.com/files/143138/phpmailer-xss.txt (nvd: Exploit, Third Party Advisory, VDB Entry, WEB)
- www.securityfocus.com/bid/99293/ (nvd: Third Party Advisory, VDB Entry)
- www.securitytracker.com/id/1039026 (nvd: Third Party Advisory, VDB Entry, WEB)
- github.com/advisories/GHSA-58mj-pw57-4vm2 (ghsa: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2017-11503 (ghsa: ADVISORY)
- www.securityfocus.com/bid/99293 (ghsa: WEB)
- github.com/FriendsOfPHP/security-advisories/blob/master/phpmailer/phpmailer/CVE-2017-11503.yaml (ghsa: WEB)
- github.com/PHPMailer/PHPMailer/security/advisories/GHSA-58mj-pw57-4vm2 (ghsa: WEB)