71 matches found
CVE-2019-1921
A vulnerability in the attachment scanning of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to bypass configured content filters on the device. The vulnerability is due to improper input validation of the email body. An attacker coul...
CVE-2019-1921 Cisco Email Security Appliance Content Filter Bypass Vulnerability
A vulnerability in the attachment scanning of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to bypass configured content filters on the device. The vulnerability is due to improper input validation of the email body. An attacker coul...
Code injection
Synacor Zimbra Mail Client 8.6 before 8.6.0 Patch 5 has XSS via the error/warning dialog and email body content in Zimbra...
CVE-2015-7609
Synacor Zimbra Mail Client 8.6 before 8.6.0 Patch 5 has XSS via the error/warning dialog and email body content in Zimbra...
CVE-2019-1831
A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to bypass configured content filters on the device. The vulnerability is due to improper input validation of the email body. An attacker...
CVE-2018-13137
The Events Manager plugin 5.9.4 for WordPress has XSS via the dbemeventreapprovedemailbody parameter to the wp-admin/edit.php?posttype=event&page=events-manager-options URI...
PT-2019-8926 · WordPress · Events Manager
Name of the Vulnerable Software and Affected Versions: Events Manager plugin version 5.9.4 Description: The issue concerns a cross-site scripting XSS problem. It is exploited via the dbem event reapproved email body parameter to the "wp-admin/edit.php?post type=event&page=events-manager-options"...
CVE-2019-9558
Mailtraq WebMail version 2.17.7.3550 has Persistent Cross Site Scripting XSS via the body of an e-mail message. To exploit the vulnerability, the victim must open an email with malicious Javascript inserted into the body of the email as an iframe...
CVE-2019-9557
Ability Mail Server 4.2.6 has Persistent Cross Site Scripting XSS via the body e-mail body. To exploit the vulnerability, the victim must open an email with malicious Javascript inserted into the body of the email as an iframe...
Cross site scripting
Ability Mail Server 4.2.6 has Persistent Cross Site Scripting XSS via the body e-mail body. To exploit the vulnerability, the victim must open an email with malicious Javascript inserted into the body of the email as an iframe...
Mailtraq WebMail 2.17.7.3550 Cross Site Scripting
Exploit Title: Persistent Cross Site Scripting XSS - Mailtraq WebMail version 2.17.7.3550 CVE: CVE-2019-9558 Exploit Author: Aloyce J. Makalanga Contact: https://twitter.com/aloycemjr Vendor Homepage: http://www.mailtraq.com/mail-server-software Category: webapps Attack Type: Remote Impact:...
Magento MarketPlace T1 - Bypass & Persistent Vulnerability
Document Title: =============== Magento MarketPlace T1 - Bypass & Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1902 Release Date: ============= 2018-06-17 Vulnerability Laboratory ID VL-ID: ====================================...
DEBIAN-CVE-2017-7848
RSS fields can inject new lines into the created email structure, modifying the message body. This vulnerability affects Thunderbird 52.5.2...
Mozilla: RSS Feed vulnerable to new line Injection
RSS fields can inject new lines into the created email structure, modifying the message body. This vulnerability affects Thunderbird 52.5.2...
UBUNTU-CVE-2017-7848
RSS fields can inject new lines into the created email structure, modifying the message body. This vulnerability affects Thunderbird 52.5.2...
CVE-2017-11617
Cross-site scripting XSS vulnerability in atmail prior to version 7.8.0.2 allows remote attackers to inject arbitrary web script or HTML within the body of an email via an IMG element with both single quotes and double quotes...
C/C++ Offline Compiler and C For OS - Persistent Cross-Site Scripting
Document Title: =============== C & C++ for OS - Filter Bypass & Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1825 Release Date: ============= 2016-04-14 Vulnerability Laboratory ID VL-ID: ====================================...
Alt-N MDaemon 13.0.3 and 12.5.6 Email Body HTML/JS Injection Vulnerability
No description provided by source. ============================================================== Alt-N MDaemon Email Body HTML/JS Injection Vulnerability ============================================================== Software: Alt-N MDaemon v13.0.3 and prior versions Vendor: http://www.altn.com/...
CVE-2012-2592
Cross-site scripting XSS vulnerability in Axigen Mail Server 8.0.1 allows remote attackers to inject arbitrary web script or HTML via the body of an email...
Cross site scripting
Cross-site scripting XSS vulnerability in Atmail Webmail Server before 7.2 allows remote attackers to inject arbitrary web script or HTML via the body of an e-mail message, as demonstrated by the SRC attribute of an IFRAME element...