← back
CVE-2020-37188

SpotOutlook 1.2.6 - 'Name' Denial of Service

CVSS 4.6 MEDIUMEPSS 0.4%CWE-120
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.6EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
11 Feb 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
SpotOutlook 1.2.6 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can overwrite the buffer by pasting 1000 'A' characters into the 'Name' field, causing the application to become unresponsive.
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
Affected products
Nsasoft · Nsauditor SpotOutlook

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.exploit-db.com/exploits/47906https://www.vulncheck.com/advisories/spotoutlook-name-denial-of-servicehttp://www.nsauditor.com/