Email & Communications
Email spoofing via missing SPF/DKIM/DMARC, SMS injection, and push notification injection vulnerabilities.
3 vulnerabilities
Email Spoofing (Missing SPF/DKIM/DMARC)
mediumWithout SPF, DKIM, and DMARC DNS records, anyone can send emails claiming to be from your domain — enabling phishing attacks against your users.
CWE-290A05:2021
SMS Injection
mediumIncluding unvalidated user input in SMS messages allows attackers to inject newlines and craft fraudulent messages appearing to come from your application.
CWE-74A03:2021
Push Notification Injection
lowIncluding unsanitized user input in push notification payloads allows attackers to craft misleading notifications in your app's name.
CWE-74A03:2021