HTML injection in Securimage

General Information

Affected Software: Securimage
Affected Versions: < 3.6.5
Vendor: Securimage
Vendor Page:
Vulnerability: HTML injection
Severity: Medium
CVE ID: CVE-2017-14077

Short Description

HTML injection in Securimage 3.6.4 and earlier allows remote attackers to inject arbitrary HTML into the e-mail sent by the bundled example contact forms, via the User-Agent request header ($_SERVER['HTTP_USER_AGENT']) as processed by example_form.ajax.php or example_form.php.


No fix had been released as of the writing of this advisory.


Using CxSAST, we scanned Securimage and found an HTML injection in two of the bundled example form scripts:
/example_form.ajax.php and
/example_form.php

Both contain the following code:

As the code shows, $_SERVER['HTTP_USER_AGENT'] is written into the outgoing message without sanitization or HTML encoding. Because the User-Agent header is fully attacker-controlled, any HTML placed in it is reflected, intact, in the e-mail the victim receives, where it can render as a link or other active content in an HTML-capable mail client.
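To make the flaw concrete, the following PHP is an added example written for this advisory, not Securimage's own code and not a copy of example_form.php. It models the vulnerable pattern (a request header concatenated straight into an HTML mail body) beside a hardened version that HTML-encodes every untrusted value, and feeds both a constructed User-Agent value carrying an HTML anchor. The function names and the fake $_SERVER array are assumptions made for the demonstration.

```php
<?php
// Added example for the Securimage HTML injection advisory (CVE-2017-14077).
// Not the project's code: the functions below are hypothetical stand-ins for
// the kind of code the advisory describes.
declare(strict_types=1);

// Vulnerable pattern: the header value is interpolated directly into HTML.
function build_mail_body_vulnerable(array $server, string $message): string
{
    $ua = $server['HTTP_USER_AGENT'] ?? '';
    return "<p>Message: {$message}</p>\n"
         . "<p>User Agent: {$ua}</p>\n";
}

// Hardened pattern: HTML-encode each untrusted value at the point it is
// placed into the body. ENT_QUOTES also encodes ' and ", so the value cannot
// break out of an attribute if a template ever puts it inside one.
function build_mail_body_safe(array $server, string $message): string
{
    $esc = static fn (string $s): string =>
        htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    $ua = $server['HTTP_USER_AGENT'] ?? '';
    return "<p>Message: " . $esc($message) . "</p>\n"
         . "<p>User Agent: " . $esc($ua) . "</p>\n";
}

// Returns true if the raw attacker markup survives into the body unchanged,
// i.e. the body is injectable.
function body_reflects_markup(string $body, string $payload): bool
{
    return strpos($body, $payload) !== false;
}

// Constructed request (assumption): the attacker sets User-Agent to HTML.
// Against a live target the same header is sent with, for example:
//   curl -A '<a href="https://attacker.example/">Reset your password</a>' \
//        -d 'message=hello' https://target.example/example_form.php
$payload    = '<a href="https://attacker.example/">Reset your password</a>';
$fakeServer = ['HTTP_USER_AGENT' => $payload];
$message    = 'hello';

$vulnerable = build_mail_body_vulnerable($fakeServer, $message);
$safe       = build_mail_body_safe($fakeServer, $message);

// The vulnerable body still contains the anchor tag verbatim; the hardened
// body contains only entity-encoded text that renders as literal characters.
var_dump(body_reflects_markup($vulnerable, $payload)); // injectable
var_dump(body_reflects_markup($safe, $payload));       // not injectable
echo $vulnerable, "\n", $safe;
```

The same check is how a tester confirms the issue on a deployed copy: submit the example form with a User-Agent header containing a distinctive tag and inspect the delivered e-mail for that tag unencoded. Because both affected scripts are example forms shipped with the library, not exposing them on production hosts removes the attack surface regardless of whether a fixed release is available.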

Disclosure Timeline

22-Mar-2016 – Reported to the Securimage developer
31-Mar-2016 – Developer confirmed the vulnerability and said a fix would be issued in the future
17-Nov-2017 – Notified the developer that the advisory would be published even though no fix was available

Related Links

Vulnerability on
Vulnerability on NVD