Unrated severityNVD Advisory· Published Jun 26, 2022· Updated Aug 4, 2024

CVE-2020-27509

Description

Persistent XSS in Galaxkey Secure Mail Client in Galaxkey up to 5.6.11.5 allows an attacker to perform an account takeover by intercepting the HTTP Post request when sending an email and injecting a specially crafted XSS payload in the 'subject' field. The payload executes when the recipient logs into their mailbox.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Galaxkey/Secure Mail Clientdescription
Galaxkey/Secure Mail Clientllm-create
Range: <=5.6.11.5

Patches

Vulnerability mechanics

References

galaxkey.commitrex_refsource_MISC
medium.com/%40tomhulme_74888/persistent-cross-site-scripting-leading-to-full-account-takeover-on-galaxkey-v5-6-11-4-8bf96be35b54mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000