CVE-2017-11503: XSS vulnerability in code example

July 20, 2017 (updated May 3, 2019)

The code_generator.phps example does not filter user input prior to output. This file is distributed with a .phps extension, so it it not normally executable unless it is explicitly renamed, so it is safe by default. There’s also an undisclosed potential XSS vulnerability in the default exception handler (unused by default).

References

github.com/PHPMailer/PHPMailer/commit/dbbc1397c41de56aa3a57c8188d19a345dea5c63
github.com/PHPMailer/PHPMailer/releases/tag/v5.2.24

Code Behaviors & Features

Detect and mitigate CVE-2017-11503 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →