5 matches found
CVE-2026-40872
mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, the admin dashboard's Autodiscover logs render the EMailAddress value logged as the "user" field without HTML escaping. By submitting an unauthenticated Autodiscover request with a crafted...
CVE-2026-40872
Affected product/variant: mailcow: dockerized (open source groupware/email suite). Issue: Stored XSS in Autodiscover logs via unescaped EMailAddress. Root cause (per description): Admin dashboard Autodiscover logs render the EMailAddress value (logged as the “user” field) without HTML escaping, e...
CVE-2026-40872 mailcow: dockerized vulnerable to stored XSS in autodiscover logs email address field
mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, the admin dashboard's Autodiscover logs render the EMailAddress value logged as the "user" field without HTML escaping. By submitting an unauthenticated Autodiscover request with a crafted...
CVE-2026-40872 mailcow: dockerized vulnerable to stored XSS in autodiscover logs email address field
mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, the admin dashboard's Autodiscover logs render the EMailAddress value logged as the "user" field without HTML escaping. By submitting an unauthenticated Autodiscover request with a crafted...
mailcow: dockerized cross-site scripting vulnerability
mailcow: dockerized is a dockerized version of the mailcow open-source application. Versions of mailcow before 2026-03b contained a cross-site scripting vulnerability. This vulnerability stemmed from the Autodiscover logs used for managing the dashboard, which did not escape the EMailAddress valu...