CVE-2026-10234

A vulnerability was detected in Mettle sendportal up to 3.0.1. This affects an unknown part of the file /webview/ of the component Campaign Handler. The manipulation of the argument content results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Configurations

No configuration.

History

01 Jun 2026, 08:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-06-01 08:16

Updated : 2026-06-17 10:12


NVD link : CVE-2026-10234

Mitre link : CVE-2026-10234

CVE.ORG link : CVE-2026-10234


JSON object : View

Products Affected

No product.

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-94

Improper Control of Generation of Code ('Code Injection')