CVE-2017-14077: Code Injection

November 18, 2017 (updated December 3, 2017)

HTML Injection in Securimage allows remote attackers to inject arbitrary HTML into an e-mail message body via the $_SERVER['HTTP_USER_AGENT'] parameter to example_form.ajax.php or example_form.php.

References

nvd.nist.gov/vuln/detail/CVE-2017-14077

Detect and mitigate CVE-2017-14077 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →