Primary

Context

SMSEagle Reflected Cross-Site Scripting Vulnerability

Vulnerability

Patched

A reflected cross-site scripting vulnerability has been identified in SMSEagle software versions prior to 6.11. This issue allows an attacker to inject malicious JavaScript into a username or contact phone number, which is executed when an administrator edits the affected property in the web interface.

Impact

Exploitation of this vulnerability allows for reflected cross-site scripting, where an attacker can inject and execute malicious scripts in the context of the user's browser.

Remediation

Users are advised to update their SMSEagle software to version 6.11 or higher. The update can be performed via the web interface under Settings > Updates. For offline update packages, contact the SMSEagle Support Center.

Added: Sep 19, 2025, 3:18 AM

Updated: Sep 19, 2025, 3:18 AM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

1.7

exploitability

6.0

remediation

7.7

relevance

0.5

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

1.7

exploitability

6.0

remediation

7.7

relevance

0.5

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

SMSEagle Reflected Cross-Site Scripting Vulnerability

Vulnerability

Impact

Remediation

Affected Products

SMSEagle

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating