Medium severity6.1NVD Advisory· Published Nov 18, 2017· Updated May 13, 2026

CVE-2017-14077

Description

HTML Injection in Securimage 3.6.4 and earlier allows remote attackers to inject arbitrary HTML into an e-mail message body via the $_SERVER['HTTP_USER_AGENT'] parameter to example_form.ajax.php or example_form.php.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
dapphp/securimagePackagist	< 3.6.6	3.6.6

Affected products

Phpcaptcha/Securimage
cpe:2.3:a:phpcaptcha:securimage:*:*:*:*:*:*:*:*
Range: <=3.6.4
ghsa-coords
pkg:composer/dapphp/securimage
Range: < 3.6.6

Patches

Vulnerability mechanics

References

www.checkmarx.com/advisories/html-injection-securimage/nvdExploitThird Party Advisory
github.com/advisories/GHSA-q6v4-xjp2-8ggvghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2017-14077ghsaADVISORY
advisory.checkmarx.net/advisory/CX-2017-4223nvdWEB
github.com/dapphp/securimage/commit/2c7ce3f6fa5ab86fd0ac8e3b4d5d72a21329d8eaghsaWEB
www.checkmarx.com/advisories/html-injection-securimageghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.397
epss	0.001
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000