{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-06T20:46:12.488","vulnerabilities":[{"cve":{"id":"CVE-2019-13392","sourceIdentifier":"cve@mitre.org","published":"2019-10-16T00:15:10.587","lastModified":"2024-11-21T04:24:50.877","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A reflected Cross-Site Scripting (XSS) vulnerability in MindPalette NateMail 3.0.15 allows an attacker to execute remote JavaScript in a victim's browser via a specially crafted POST request. The application will reflect the recipient value if it is not in the NateMail recipient array. Note that this array is keyed via integers by default, so any string input will be invalid."},{"lang":"es","value":"Una vulnerabilidad de Cross-Site Scripting (XSS) reflejada en MindPalette NateMail versión 3.0.15, permite a un atacante ejecutar JavaScript remoto en el navegador de una víctima por medio de una petición POST especialmente diseñada. La aplicación reflejará el valor del destinatario si no está en la matriz de destinatarios NateMail. Tenga en cuenta que esta matriz está codificada por medio de enteros por defecto, por lo que cualquier entrada de cadena será no válida."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mindpalette:natemail:3.0.15:*:*:*:*:*:*:*","matchCriteriaId":"F40C1D7B-73AE-4F2D-8636-B4E1993479B9"}]}]}],"references":[{"url":"https://mindpalette.com/tag/natemail/","source":"cve@mitre.org","tags":["Product"]},{"url":"https://twitter.com/mindpalette","source":"cve@mitre.org","tags":["Not Applicable"]},{"url":"https://www.doyler.net/security-not-included/natemail-vulnerabilities","source":"cve@mitre.org","tags":["Exploit","Third Party Advisory"]},{"url":"https://mindpalette.com/tag/natemail/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product"]},{"url":"https://twitter.com/mindpalette","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Not Applicable"]},{"url":"https://www.doyler.net/security-not-included/natemail-vulnerabilities","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}