LOW
Mettle
CVE published 2026-06-01
CVE-2026-10234
A stored or reflected cross-site scripting (XSS) vulnerability exists in Mettle SendPortal up to version 3.0.1, specifically within the Campaign Handler component's /webview/ endpoint. The vulnerability is triggered by manipulation of the 'content' parameter. The attack vector is remote, requires low privileges, and user interaction. The CVSS 4.0 vector indicates network attack vector, low attack complexi [truncated]