Description

ImportExportTools NG 10.0.4 contains a persistent HTML injection vulnerability in the email export module that allows remote attackers to inject malicious HTML payloads. Attackers can send emails with crafted HTML in the subject that execute during HTML export, potentially compromising user data or session credentials.

PUBLISHED Reserved 2026-01-14 | Published 2026-01-15 | Updated 2026-01-15 | Assigner VulnCheck




MEDIUM: 5.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N)
MEDIUM: 6.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Problem types

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

10.0.4: affected

Credits

Vulnerability Lab finder

References

www.exploit-db.com/exploits/50496 (ExploitDB-50496) exploit

github.com/thundernest/import-export-tools-ng (ImportExportTools NG GitHub Repository) product

addons.thunderbird.net/...erbird/addon/importexporttools-ng/ (Thunderbird Addon Page) product

www.vulnerability-lab.com/get_content.php?id=2308 (Vulnerability-Lab Disclosure) exploit technical-description

cve.org (CVE-2021-47768)

nvd.nist.gov (CVE-2021-47768)
