Befree Sdk
Monthly
The beefree.io SDK contains a Stored Cross-Site Scripting (XSS) vulnerability in the Social Media icon URL parameter within its email builder functionality, allowing attackers to inject arbitrary HTML and JavaScript code that persists in email templates and executes when preview pages are visited. The vulnerability affects beefree.io SDK versions prior to 3.47.0 across all platforms. While the impact is partially mitigated by beefree's Content Security Policy, attackers can still achieve limited script execution and social engineering attacks, making this a moderate-risk vulnerability that requires immediate patching.
The beefree.io SDK contains a Stored Cross-Site Scripting (XSS) vulnerability in the Social Media icon URL parameter within its email builder functionality, allowing attackers to inject arbitrary HTML and JavaScript code that persists in email templates and executes when preview pages are visited. The vulnerability affects beefree.io SDK versions prior to 3.47.0 across all platforms. While the impact is partially mitigated by beefree's Content Security Policy, attackers can still achieve limited script execution and social engineering attacks, making this a moderate-risk vulnerability that requires immediate patching.