25 matches found

CVE
added 2026/04/21 7:14 p.m., 15 views

CVE-2026-40872

Affected product/variant: mailcow: dockerized (open source groupware/email suite). Issue: Stored XSS in Autodiscover logs via unescaped EMailAddress. Root cause (per description): Admin dashboard Autodiscover logs render the EMailAddress value (logged as the “user” field) without HTML escaping, e...

CVSS: 9.3, AI score: 5.8, EPSS: 0.0028
Exploits: 0, References: 1
Vulnrichment
added 2026/04/21 7:14 p.m., 4 views

CVE-2026-40872 mailcow: dockerized vulnerable to stored XSS in autodiscover logs email address field

mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, the admin dashboard's Autodiscover logs render the EMailAddress value logged as the "user" field without HTML escaping. By submitting an unauthenticated Autodiscover request with a crafted...

CVSS: 9.3, AI score: 5.8, EPSS: 0.0028
Exploits: 0, References: 1
RedhatCVE
added 2026/01/09 11:50 a.m., 6 views

CVE-2009-4995

Cross-site scripting (XSS) vulnerability in frmTickets.aspx in SmarterTools SmarterTrack before 4.0.3504 allows remote attackers to inject arbitrary web script or HTML via the email address field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...

CVSS: 4.3, AI score: 5.7, EPSS: 0.00855
Exploits: 0, References: 1
RedhatCVE
added 2026/01/09 11:29 a.m., 8 views

CVE-2021-27956

Zoho ManageEngine ADSelfService Plus before 6104 allows stored XSS on the /webclient/index.html/directory-search user search page via the e-mail address field...

CVSS: 6.1, AI score: 5.9, EPSS: 0.01606
Exploits: 1, References: 1
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2019-2150

Malware in sbrugna...

CVSS: 5.4, AI score: 5.5, EPSS: 0.00656
Exploits: 1, References: 2
EUVD
added 2025/10/07 12:30 a.m., 7 views

EUVD-2009-4957

Malware in sbrugna...

CVSS: 4.3, AI score: 6.4, EPSS: 0.00855
Exploits: 0, References: 2
EUVD
added 2025/10/07 12:30 a.m., 7 views

EUVD-2019-8023

Malware in sbrugna...

CVSS: 5.4, AI score: 5.6, EPSS: 0.00563
Exploits: 1, References: 2
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2009-0743

Malware in sbrugna...

CVSS: 3.5, AI score: 6.4, EPSS: 0.00896
Exploits: 1, References: 6
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2002-1509

Malware in sbrugna...

CVSS: 4.3, AI score: 6.4, EPSS: 0.03917
Exploits: 1, References: 4
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2017-15264

Malware in sbrugna...

CVSS: 9.8, AI score: 6.7, EPSS: 0.03034
Exploits: 2, References: 5
RedhatCVE
added 2025/05/22 8:25 a.m., 8 views

CVE-2019-10107

CMS Made Simple 2.2.10 has XSS via the myaccount.php "Email Address" field, which is reachable via the "My Preferences - My Account" section...

CVSS: 5.4, AI score: 5.9, EPSS: 0.00656
Exploits: 1, References: 1
OSV
added 2023/07/13 3:15 a.m., 1 view

UBUNTU-CVE-2023-2200

An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.14 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows an attacker to inject HTML in an email address field...

CVSS: 5.4, AI score: 5.7, EPSS: 0.0046
Exploits: 0, References: 4
Debian CVE
added 2023/07/13 2:2 a.m., 20 views

CVE-2023-2200

Removed by vendor...

CVSS: 5.4, AI score: 6, EPSS: 0.0046
Exploits: 0
Prion
added 2021/05/20 6:15 p.m., 20 views

Cross site scripting

Zoho ManageEngine ADSelfService Plus before 6104 allows stored XSS on the /webclient/index.html/directory-search user search page via the e-mail address field...

CVSS: 4.3, AI score: 5.9, EPSS: 0.01606
Exploits: 1, References: 3, Affected Software: 1
OSV
added 2020/04/27 1:15 p.m., 5 views

CVE-2019-18223

ZOOM International Call Recording 6.3.1 suffers from multiple authenticated stored XSS vulnerabilities via the phoneNumber field in the (1) User Edit or (2) User Add form, (3) name field in the Role Add form, (4) name or number field in the Edit Group form, (5) tagKey or tagValue field in the Recording Rul...

CVSS: 5.4, AI score: 6.1, EPSS: 0.00563
Exploits: 1, References: 1
OSV
added 2019/03/26 10:29 p.m., 3 views

CVE-2019-10107

CMS Made Simple 2.2.10 has XSS via the myaccount.php "Email Address" field, which is reachable via the "My Preferences - My Account" section...

CVSS: 5.4, AI score: 6, EPSS: 0.00656
Exploits: 1, References: 1
Prion
added 2018/02/06 4:29 p.m., 14 views

Authentication flaw

A remote attacker could bypass the Sandstorm organization restriction before build 0.203 via a comma in an email-address field...

CVSS: 7.5, AI score: 9.2, EPSS: 0.03034
Exploits: 2, References: 4, Affected Software: 1
OSV
added 2018/02/06 4:29 p.m., 14 views

CVE-2017-6199

A remote attacker could bypass the Sandstorm organization restriction before build 0.203 via a comma in an email-address field...

CVSS: 9.8, AI score: 7.2, EPSS: 0.02355
Exploits: 1, References: 4
Cvelist
added 2017/12/20 9:0 a.m., 22 views

CVE-2017-17794

validateformpreferences in admin/preferences.php in BlogoText through 3.7.6 allows attackers to bypass intended access restrictions via vectors related to an e-mail address field...

AI score: 9.2, EPSS: 0.01544
Exploits: 0, References: 2
CNVD
added 2017/10/11 12:0 a.m., 2 views

Flyspray stored cross-site scripting vulnerability (CNVD-2017-30492)

Flyspray is a lightweight, web-based, bug tracking system written in PHP to assist in software development and project management. Flyspray suffers from a stored cross-site scripting vulnerability that allows authenticated users to gain administrator privileges by injecting JavaScript into...

CVSS: 5.4, AI score: 5.4, EPSS: 0.00805
Exploits: 0, References: 1