188 matches found
CVE-2025-57733
In JetBrains TeamCity before 2025.07.1 sMTP injection was possible allowing modification of email content...
CVE-2025-57733
JetBrains TeamCity prior to 2025.07.1 is vulnerable to a sMTP injection that can modify email content. The CVE-2025-57733 entry is corroborated by multiple connected sources, including Red Hat advisory and PT Security, which list TeamCity
CVE-2025-57733
In JetBrains TeamCity before 2025.07.1 sMTP injection was possible allowing modification of email content...
PT-2025-34034 · Jetbrains · Teamcity
Name of the Vulnerable Software and Affected Versions: TeamCity versions prior to 2025.07.1 Description: A sMTP injection flaw exists in TeamCity, potentially allowing attackers to modify email content. Recommendations: Update to TeamCity version 2025.07.1 or later...
CVE-2024-7472
lunary-ai/lunary v1.2.26 contains an email injection vulnerability in the Send email verification API /v1/users/send-verification and Sign up API /auth/signup. An unauthenticated attacker can inject data into outgoing emails by bypassing the extractFirstName function using a different whitespace...
CVE-2023-23326
A Stored Cross-Site Scripting XSS vulnerability exists in AvantFAX 3.3.7. An authenticated low privilege user can inject arbitrary Javascript into their e-mail address which is executed when an administrator logs into AvantFAX to view the admin dashboard. This may result in stealing an...
CVE-2023-22288
HTML Email Injection in Tribe29 Checkmk =2.1.0p23; =2.0.0p34, and all versions of Checkmk 1.6.0 allows an authenticated attacker to inject malicious HTML into Emails...
CVE-2020-11593
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP POST request with injected HTML data that is later leveraged to send emails from a customer trusted email address...
CVE-2017-20187
UNSUPPORTED WHEN ASSIGNED A vulnerability was found in Magnesium-PHP up to 0.3.0. It has been classified as problematic. Affected is the function formatEmailString of the file src/Magnesium/Message/Base.php. The manipulation of the argument email/name leads to injection. Upgrading to version 0.3....
CVE-2018-20898
cPanel before 71.9980.37 allows e-mail injection during cPAddons moderation SEC-396...
CVE-2017-11617
Cross-site scripting XSS vulnerability in atmail prior to version 7.8.0.2 allows remote attackers to inject arbitrary web script or HTML within the body of an email via an IMG element with both single quotes and double quotes...
CVE-2012-2586
Multiple cross-site scripting XSS vulnerabilities in Mailtraq 2.17.3.3150 allow remote attackers to inject arbitrary web script or HTML via an e-mail message subject with 1 a JavaScript alert function used in conjunction with the fromCharCode method or 2 a SCRIPT element; an e-mail message body...
CVE-2008-0179
Cross-site scripting XSS vulnerability in service/impl/UserLocalServiceImpl.java in Liferay Portal 4.3.6 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header, which is used when composing Forgot Password e-mail messages in HTML format...
CVE-2024-11922
Missing input validation in certain features of the Web Client of Fortra's GoAnywhere prior to version 7.8.0 allows an attacker with permission to trigger emails to insert arbitrary HTML or JavaScript into an email...
CVE-2024-11922
Missing input validation in certain features of the Web Client of Fortra's GoAnywhere prior to version 7.8.0 allows an attacker with permission to trigger emails to insert arbitrary HTML or JavaScript into an email...
CVE-2024-11922
Missing input validation in certain features of the Web Client of Fortra's GoAnywhere prior to version 7.8.0 allows an attacker with permission to trigger emails to insert arbitrary HTML or JavaScript into an email...
CVE-2024-11922 Input Validation vulnerability in Web Client emails that do not go through Secure Mail
Missing input validation in certain features of the Web Client of Fortra's GoAnywhere prior to version 7.8.0 allows an attacker with permission to trigger emails to insert arbitrary HTML or JavaScript into an email...
CVE-2024-11922
CVE-2024-11922 affects Fortra’s GoAnywhere Web Client prior to version 7.8.0. The issue is missing input validation in Web Client features, which could allow an attacker with permission to trigger emails to insert arbitrary HTML or JavaScript into an email. This could enable client-side/script-ba...
CVE-2025-29410
A cross-site scripting XSS vulnerability in the component /contact.php of Hospital Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the txtEmail parameter...
CVE-2024-5519
A vulnerability classified as critical was found in ItsourceCode Learning Management System Project In PHP 1.0. This vulnerability affects unknown code of the file login.php. The manipulation of the argument useremail leads to sql injection. The attack can be initiated remotely. The exploit has...