Lucene search
K

188 matches found

RedhatCVE
RedhatCVE
added 2025/08/22 9:32 a.m.17 views

CVE-2025-57733

In JetBrains TeamCity before 2025.07.1 sMTP injection was possible allowing modification of email content...

5.5CVSS7.5AI score0.00261EPSS
Exploits0References1
CVE
CVE
added 2025/08/20 9:14 a.m.23 views

CVE-2025-57733

JetBrains TeamCity prior to 2025.07.1 is vulnerable to a sMTP injection that can modify email content. The CVE-2025-57733 entry is corroborated by multiple connected sources, including Red Hat advisory and PT Security, which list TeamCity

5.5CVSS7.5AI score0.00261EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/08/20 9:14 a.m.7 views

CVE-2025-57733

In JetBrains TeamCity before 2025.07.1 sMTP injection was possible allowing modification of email content...

5.5CVSS0.00261EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/08/20 12:0 a.m.6 views

PT-2025-34034 · Jetbrains · Teamcity

Name of the Vulnerable Software and Affected Versions: TeamCity versions prior to 2025.07.1 Description: A sMTP injection flaw exists in TeamCity, potentially allowing attackers to modify email content. Recommendations: Update to TeamCity version 2025.07.1 or later...

5.5CVSS6.6AI score0.00261EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/05/23 9:50 a.m.12 views

CVE-2024-7472

lunary-ai/lunary v1.2.26 contains an email injection vulnerability in the Send email verification API /v1/users/send-verification and Sign up API /auth/signup. An unauthenticated attacker can inject data into outgoing emails by bypassing the extractFirstName function using a different whitespace...

6.5CVSS6.5AI score0.00418EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:17 a.m.6 views

CVE-2023-23326

A Stored Cross-Site Scripting XSS vulnerability exists in AvantFAX 3.3.7. An authenticated low privilege user can inject arbitrary Javascript into their e-mail address which is executed when an administrator logs into AvantFAX to view the admin dashboard. This may result in stealing an...

5.4CVSS5.3AI score0.00523EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:4 a.m.9 views

CVE-2023-22288

HTML Email Injection in Tribe29 Checkmk =2.1.0p23; =2.0.0p34, and all versions of Checkmk 1.6.0 allows an authenticated attacker to inject malicious HTML into Emails...

5.4CVSS6.9AI score0.00399EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:10 p.m.11 views

CVE-2020-11593

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP POST request with injected HTML data that is later leveraged to send emails from a customer trusted email address...

7.5CVSS6.8AI score0.00992EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:47 a.m.7 views

CVE-2017-20187

UNSUPPORTED WHEN ASSIGNED A vulnerability was found in Magnesium-PHP up to 0.3.0. It has been classified as problematic. Affected is the function formatEmailString of the file src/Magnesium/Message/Base.php. The manipulation of the argument email/name leads to injection. Upgrading to version 0.3....

9.8CVSS7.5AI score0.00692EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:27 a.m.6 views

CVE-2018-20898

cPanel before 71.9980.37 allows e-mail injection during cPAddons moderation SEC-396...

4.3CVSS7.3AI score0.00633EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:25 a.m.10 views

CVE-2017-11617

Cross-site scripting XSS vulnerability in atmail prior to version 7.8.0.2 allows remote attackers to inject arbitrary web script or HTML within the body of an email via an IMG element with both single quotes and double quotes...

6.1CVSS5.9AI score0.01025EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 12:27 a.m.5 views

CVE-2012-2586

Multiple cross-site scripting XSS vulnerabilities in Mailtraq 2.17.3.3150 allow remote attackers to inject arbitrary web script or HTML via an e-mail message subject with 1 a JavaScript alert function used in conjunction with the fromCharCode method or 2 a SCRIPT element; an e-mail message body...

4.3CVSS5.8AI score0.02467EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/21 10:48 p.m.10 views

CVE-2008-0179

Cross-site scripting XSS vulnerability in service/impl/UserLocalServiceImpl.java in Liferay Portal 4.3.6 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header, which is used when composing Forgot Password e-mail messages in HTML format...

2.6CVSS5.9AI score0.01212EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/30 9:12 p.m.12 views

CVE-2024-11922

Missing input validation in certain features of the Web Client of Fortra's GoAnywhere prior to version 7.8.0 allows an attacker with permission to trigger emails to insert arbitrary HTML or JavaScript into an email...

6.3CVSS6.7AI score0.00182EPSS
Exploits0References3
NVD
NVD
added 2025/04/28 9:15 p.m.17 views

CVE-2024-11922

Missing input validation in certain features of the Web Client of Fortra's GoAnywhere prior to version 7.8.0 allows an attacker with permission to trigger emails to insert arbitrary HTML or JavaScript into an email...

6.3CVSS0.00182EPSS
Exploits0References1
OSV
OSV
added 2025/04/28 9:15 p.m.3 views

CVE-2024-11922

Missing input validation in certain features of the Web Client of Fortra's GoAnywhere prior to version 7.8.0 allows an attacker with permission to trigger emails to insert arbitrary HTML or JavaScript into an email...

5.4CVSS5.9AI score0.00182EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/28 8:57 p.m.22 views

CVE-2024-11922 Input Validation vulnerability in Web Client emails that do not go through Secure Mail

Missing input validation in certain features of the Web Client of Fortra's GoAnywhere prior to version 7.8.0 allows an attacker with permission to trigger emails to insert arbitrary HTML or JavaScript into an email...

6.3CVSS0.00182EPSS
Exploits0References1
CVE
CVE
added 2025/04/28 8:57 p.m.70 views

CVE-2024-11922

CVE-2024-11922 affects Fortra’s GoAnywhere Web Client prior to version 7.8.0. The issue is missing input validation in Web Client features, which could allow an attacker with permission to trigger emails to insert arbitrary HTML or JavaScript into an email. This could enable client-side/script-ba...

6.3CVSS6.3AI score0.00182EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/03/20 12:0 a.m.25 views

CVE-2025-29410

A cross-site scripting XSS vulnerability in the component /contact.php of Hospital Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the txtEmail parameter...

0.00224EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/02/05 6:18 a.m.4 views

CVE-2024-5519

A vulnerability classified as critical was found in ItsourceCode Learning Management System Project In PHP 1.0. This vulnerability affects unknown code of the file login.php. The manipulation of the argument useremail leads to sql injection. The attack can be initiated remotely. The exploit has...

9.8CVSS7.9AI score0.00851EPSS
Exploits1References1
Rows per page
Query Builder