25 matches found
CVE-2026-40872
Affected product/variant: mailcow: dockerized (open source groupware/email suite). Issue: Stored XSS in Autodiscover logs via unescaped EMailAddress. Root cause (per description): Admin dashboard Autodiscover logs render the EMailAddress value (logged as the “user” field) without HTML escaping, e...
CVE-2026-40872 mailcow: dockerized vulnerable to stored XSS in autodiscover logs email address field
mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, the admin dashboard's Autodiscover logs render the EMailAddress value (logged as the "user" field) without HTML escaping. By submitting an unauthenticated Autodiscover request with a crafted...
CVE-2009-4995
Cross-site scripting (XSS) vulnerability in frmTickets.aspx in SmarterTools SmarterTrack before 4.0.3504 allows remote attackers to inject arbitrary web script or HTML via the email address field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
CVE-2021-27956
Zoho ManageEngine ADSelfService Plus before 6104 allows stored XSS on the /webclient/index.html/directory-search user search page via the e-mail address field...
EUVD-2019-2150
Malware in sbrugna...
EUVD-2009-4957
Malware in sbrugna...
EUVD-2019-8023
Malware in sbrugna...
EUVD-2009-0743
Malware in sbrugna...
EUVD-2002-1509
Malware in sbrugna...
EUVD-2017-15264
Malware in sbrugna...
CVE-2019-10107
CMS Made Simple 2.2.10 has XSS via the myaccount.php "Email Address" field, which is reachable via the "My Preferences - My Account" section...
UBUNTU-CVE-2023-2200
An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.14 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows an attacker to inject HTML in an email address field...
CVE-2023-2200
Removed by vendor...
Cross site scripting
Zoho ManageEngine ADSelfService Plus before 6104 allows stored XSS on the /webclient/index.html/directory-search user search page via the e-mail address field...
CVE-2019-18223
ZOOM International Call Recording 6.3.1 suffers from multiple authenticated stored XSS vulnerabilities via the phoneNumber field in the (1) User Edit or (2) User Add form, (3) name field in the Role Add form, (4) name or number field in the Edit Group form, (5) tagKey or tagValue field in the Recording Rul...
Authentication flaw
A remote attacker could bypass the Sandstorm organization restriction before build 0.203 via a comma in an email-address field...
CVE-2017-6199
A remote attacker could bypass the Sandstorm organization restriction before build 0.203 via a comma in an email-address field...
CVE-2017-17794
validateformpreferences in admin/preferences.php in BlogoText through 3.7.6 allows attackers to bypass intended access restrictions via vectors related to an e-mail address field...
Flyspray stored cross-site scripting vulnerability (CNVD-2017-30492)
Flyspray is a lightweight, web-based, bug tracking system written in PHP to assist in software development and project management. Flyspray suffers from a stored cross-site scripting vulnerability that allows authenticated users to gain administrator privileges by injecting JavaScript into...