VYPR
Medium severity6.1NVD Advisory· Published Aug 23, 2024· Updated Jun 17, 2026

CVE-2024-37392

CVE-2024-37392

Description

A stored Cross-Site Scripting (XSS) vulnerability has been identified in SMSEagle software version < 6.0. The vulnerability arises because the application did not properly sanitize user input in the SMS messages in the inbox. This could allow an attacker to inject malicious JavaScript code into an SMS message, which gets executed when the SMS is viewed and specially interacted in web-GUI.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • SMSEagle/SMSEaglecpe-rescue2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: <6.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.