A vulnerability described as problematic has been identified in Mettle sendportal up to 3.0.1 . This affects an unknown part of the file /webview/ of the component Campaign Handler . The manipulation of the argument content results in cross site scripting. This vulnerability is reported as CVE-2026-10234 . The attack can be launched remotely. Moreover, an exploit is present. The project was informed of the problem early through an issue report but has not responded yet.