5 matches found
Cross-site Scripting (XSS)
Overview: @tutao/tutanota-utils is a collection of common utils we use across multiple projects/modules internally. As creating this module really is just an intermediate step towards re-organising some of the dependency structure of our software, it is most likely going to change. Affect...
Tuta Mail has DOM attribute and CSS injection in its Contact Viewer feature
Impact: Users importing contacts from untrusted sources. Specifically crafted contact data can lead to some DOM modifications for the link button next to the field, e.g. the link address can be overridden. CSS can be manipulated to give the button an arbitrary look and change its size so that any...
Cross-site Scripting (XSS)
Overview: @tutao/otest is a little test runner. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the contact viewer. An attacker can manipulate the appearance and behavior of the link button by injecting specially crafted contact data, causing the link address to be...
EUVD-2025-204591
Tuta Mail has DOM attribute and CSS injection in its Contact Viewer feature...
GHSA-24V3-254G-JV85 Tuta Mail has DOM attribute and CSS injection in its Contact Viewer feature
Impact: Users importing contacts from untrusted sources. Specifically crafted contact data can lead to some DOM modifications for the link button next to the field, e.g. the link address can be overridden. CSS can be manipulated to give the button an arbitrary look and change its size so that any...