VYPR

SMSEagle

by SMSEagle

CVEs (3)

  • CVE-2024-37392MedAug 23, 2024
    risk 0.40cvss 6.1epss 0.00

    A stored Cross-Site Scripting (XSS) vulnerability has been identified in SMSEagle software version < 6.0. The vulnerability arises because the application did not properly sanitize user input in the SMS messages in the inbox. This could allow an attacker to inject malicious…

  • CVE-2025-10095MedSep 9, 2025
    risk 0.34cvss epss 0.00

    A SQL injection vulnerability has been identified in the SMPP server component of the SMSEagle firmware, specifically affecting the handling of certain parameters within the server's database interactions. The vulnerability is isolated to the SMPP server, which operates with its…

  • CVE-2025-59715Sep 19, 2025
    risk 0.00cvss epss 0.00

    SMSEagle before 6.11 allows reflected XSS via a username or contact phone number.