CVE-2026-10234

LOW 3.5

Mettle sendportal Campaign webview cross site scripting

CVSS Score

3.5

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability was detected in Mettle sendportal up to 3.0.1. This affects an unknown part of the file /webview/ of the component Campaign Handler. The manipulation of the argument content results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

CWE	CWE-79 CWE-94
Vendor	mettle
Product	sendportal
Published	Jun 1, 2026
Last Updated	Jun 2, 2026

Stay Ahead of the Next One

Get instant alerts for mettle sendportal

Be the first to know when new low vulnerabilities affecting mettle sendportal are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

Mettle / sendportal

3.0.0 3.0.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/367513 vuldb.com: https://vuldb.com/vuln/367513/cti vuldb.com: https://vuldb.com/cve/CVE-2026-10234 vuldb.com: https://vuldb.com/submit/822923 vuldb.com: https://vuldb.com/submit/825494 github.com: https://github.com/mettle/sendportal/issues/338 github.com: https://github.com/mettle/sendportal/

Credits

Kabilan D 🔍 B1scuit (VulDB User) Superman_04 (VulDB User) VulDB CNA Team