SMSEagle
by SMSEagle
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-37392 | Med | 0.40 | 6.1 | 0.00 | Aug 23, 2024 | A stored Cross-Site Scripting (XSS) vulnerability has been identified in SMSEagle software version < 6.0. The vulnerability arises because the application did not properly sanitize user input in the SMS messages in the inbox. This could allow an attacker to inject malicious… | ||
| CVE-2025-10095 | Med | 0.34 | — | 0.00 | Sep 9, 2025 | A SQL injection vulnerability has been identified in the SMPP server component of the SMSEagle firmware, specifically affecting the handling of certain parameters within the server's database interactions. The vulnerability is isolated to the SMPP server, which operates with its… | ||
| CVE-2025-59715 | 0.00 | — | 0.00 | Sep 19, 2025 | SMSEagle before 6.11 allows reflected XSS via a username or contact phone number. |
- risk 0.40cvss 6.1epss 0.00
A stored Cross-Site Scripting (XSS) vulnerability has been identified in SMSEagle software version < 6.0. The vulnerability arises because the application did not properly sanitize user input in the SMS messages in the inbox. This could allow an attacker to inject malicious…
- risk 0.34cvss —epss 0.00
A SQL injection vulnerability has been identified in the SMPP server component of the SMSEagle firmware, specifically affecting the handling of certain parameters within the server's database interactions. The vulnerability is isolated to the SMPP server, which operates with its…
- CVE-2025-59715Sep 19, 2025risk 0.00cvss —epss 0.00
SMSEagle before 6.11 allows reflected XSS via a username or contact phone number.