CVE-2023-49780
Description
Cross-site scripting vulnerability exists in acmailer CGI ver.4.0.5 and earlier. An arbitrary script may be executed on the web browser of the user who accessed the management page of the affected product.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
acmailer CGI ver.4.0.5 and earlier contain a stored XSS vulnerability allowing arbitrary script execution on the management page.
## Vulnerability acmailer CGI version 4.0.5 and earlier contain a cross-site scripting (XSS) vulnerability [1]. The issue stems from insufficient input sanitization, allowing attackers to inject arbitrary scripts into the management page.
Exploitation
An attacker can exploit this vulnerability by convincing a user who has access to the acmailer management page to view a crafted link or content. No authentication is required for the initial injection, but the script executes in the context of the management user's browser.
Impact
Successful exploitation allows an attacker to execute arbitrary JavaScript in the web browser of the management user. This can lead to theft of session cookies, defacement, or other malicious actions within the management interface.
Mitigation
The vendor released version 4.0.6 on April 3, 2023, which includes strengthened XSS countermeasures [2]. Users are advised to update to the latest version immediately.
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- Range: <=4.0.5
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2News mentions
0No linked articles in our index yet.