Unpatched PHPMailer Vulnerability

Status: UNKNOWN, no patch (2837 days)

Threat Intelligence

Low Risk
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found


What is it?

PHPMailer is a popular open-source library used for sending emails in PHP applications. This vulnerability allows attackers to inject malicious code into email bodies, potentially leading to cross-site scripting (XSS) attacks or even remote code execution.

Am I affected?

You're affected if you use PHPMailer version 5.x.x or earlier. To find copies of the library in your code base, run: grep -rl "PHPMailer" --include='*.php' .
Note: This vulnerability is similar to CVE-2019-1677, but the exploitability and severity differ.
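The grep above only finds files that mention PHPMailer; the script below (an added example, not part of this advisory) goes one step further and reports the version declared in each copy, so you can tell a vulnerable 5.x install from a fixed 6.x one. It assumes the library's real file names and version declarations: 5.x ships `class.phpmailer.php` with `public $Version = '...'`, 6.x ships `src/PHPMailer.php` with `const VERSION = '...'`.

```shell
#!/bin/sh
# Added example: locate PHPMailer copies under a directory tree and flag
# every copy older than 6.0.0 as affected by this advisory.

# Print the version string declared in one PHPMailer source file.
#   PHPMailer 5.x:  public $Version = '5.2.28';
#   PHPMailer 6.x:  const VERSION = '6.8.0';
phpmailer_file_version() {
    sed -n -E \
        -e "s/^[[:space:]]*public[[:space:]]+\\\$Version[[:space:]]*=[[:space:]]*'([^']+)'.*/\1/p" \
        -e "s/^[[:space:]]*const[[:space:]]+VERSION[[:space:]]*=[[:space:]]*'([^']+)'.*/\1/p" \
        "$1" | head -n 1
}

# Succeed (exit 0) when version $1 has a major number below 6, i.e. the
# advisory's "5.x.x or earlier"; fail for 6.0.0 and later or unparseable input.
phpmailer_is_affected() {
    major=${1%%.*}
    [ "$major" -lt 6 ] 2>/dev/null
}

# Walk a tree and print "<file> <version> affected|ok" per PHPMailer file.
# Files without a recognisable version declaration are skipped.
phpmailer_scan() {
    find "$1" -type f \( -name 'class.phpmailer.php' -o -name 'PHPMailer.php' \) |
    while IFS= read -r f; do
        v=$(phpmailer_file_version "$f")
        [ -n "$v" ] || continue
        if phpmailer_is_affected "$v"; then s=affected; else s=ok; fi
        printf '%s %s %s\n' "$f" "$v" "$s"
    done
}

# Usage: sh phpmailer_check.sh /path/to/webroot
[ "$#" -eq 0 ] || phpmailer_scan "$1"
```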

Affected Products

PHPMailer Project / PHPMailer

How to fix

  1. Upgrade to PHPMailer version 6.0.0 or later from the official GitHub repository: https://github.com/PHPMailer/PHPMailer/releases/tag/v6.0.0
  2. If immediate upgrade isn't possible, consider using a different email library like SwiftMailer (https://swiftmailer.org/) or implementing custom email sending logic.