CVE-2026-10234
LOW Exploitation: PoC
3.5
CVSS 3.1
Description
A vulnerability was detected in Mettle sendportal up to 3.0.1. This affects an unknown part of the file /webview/ of the component Campaign Handler. The manipulation of the argument content results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Metadata
Severity & Metrics
3.5
LOW CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R
SSVC — CISA Coordinator
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| Mettle | sendportal | — | 3.0.0, 3.0.1 |
CVSS scores (4)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 5.1 | MEDIUM | 4.0 | cna | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P |
| 4.0 | N/D | 2.0 | cna | AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR |
| 3.5 | LOW | 3.1 | cna | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R |
| 3.5 | LOW | 3.0 | cna | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R |
References (7)
- VDB-367513 | Mettle sendportal Campaign webview cross site scripting https://vuldb.com/vuln/367513
- VDB-367513 | CTI Indicators (IOB, IOC, TTP, IOA) https://vuldb.com/vuln/367513/cti
- CVE-2026-10234 | CVE Analysis and Report https://vuldb.com/cve/CVE-2026-10234
- Submit #822923 | Mettle sendportal v3.0.1 Cross Site Scripting https://vuldb.com/submit/822923
- Submit #825494 | mettle sendportal 3.0.1 Cross Site Scripting (Duplicate) https://vuldb.com/submit/825494
- https://github.com/mettle/sendportal/issues/338
- https://github.com/mettle/sendportal/