44 matches found
FreeScout 安全漏洞
FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.213 contained security vulnerabilities. These vulnerabilities stemmed from the Helper::stripDangerousTags function used in the...
EUVD-2026-19478
Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to 1.4.11, S/MIME signature verification did not validate the certificate trust chain checkChain: false. Any email signed with a self-signed or untrusted certificate was displayed as having a valid signature. This...
CVE-2026-35389
CVE-2026-35389 affects Bulwark Webmail (self-hosted client for Stalwart Mail Server). Before version 1.4.11, S/MIME signature verification did not validate the certificate trust chain (checkChain: false), causing emails signed with self-signed or untrusted certificates to appear as having a valid...
EUVD-2019-5707
Malware in sbrugna...
EUVD-2012-4593
Malware in sbrugna...
EUVD-2020-5895
Malware in sbrugna...
EUVD-2025-16449
Malicious code in bioql PyPI...
EUVD-2022-39943
Malicious code in bioql PyPI...
EUVD-2021-31061
Malicious code in bioql PyPI...
CVE-2025-48483 FreeScout Stored XSS leads to CSRF
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application is vulnerable to Cross-Site Scripting XSS attacks due to incorrect input validation and sanitization of user-input data during mail signature sanitization. An attacker can inject arbitrary HTML...
CVE-2025-48483
CVE-2025-48483 affects FreeScout (PHP/Laravel) prior to 1.8.180. The issue is an XSS vulnerability caused by insufficient input validation/sanitization of user-supplied data in mail signatures, enabling injection of HTML/JS into pages viewed by the user. A modified signature could also enable a s...
FreeScout 跨站脚本漏洞
FreeScout is an ultra-lightweight free open source helpdesk and shared inbox built using PHP Laravel framework by FreeScout. FreeScout suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input by email signatures. No detailed vulnerability...
CVE-2019-14546
An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed on the Preference page as well as while sending an email when a malicious payload was inserted inside the Email Signature in the Preference page. The attacker could insert malicious JavaScript inside his email signature, whi...
SUSE CVE-2012-4912
Cross-site scripting XSS vulnerability in the WebAccess component in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to inject arbitrary web script or HTML via a crafted signature in an HTML e-mail message...
Mozilla: S/MIME signature accepted despite mismatching message date
The Mozilla Foundation Security Advisory: The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbird did not compare the signature creation date with the message date and time, and displayed a valid signature despi...
Mozilla: S/MIME signature accepted despite mismatching message date
The Mozilla Foundation Security Advisory: The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbird did not compare the signature creation date with the message date and time, and displayed a valid signature despi...
CVE-2023-50761
The Mozilla Foundation Security Advisory: The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbird did not compare the signature creation date with the message date and time, and displayed a valid signature despi...
CVE-2023-50761
The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbird did not compare the signature creation date with the message date and time, and displayed a valid signature despite a date or time mismatch. This could be...
CVE-2023-50761
The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbird did not compare the signature creation date with the message date and time, and displayed a valid signature despite a date or time mismatch. This could be...
SUSE CVE-2012-4668
Cross-site scripting XSS vulnerability in Roundcube Webmail 0.8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the signature in an email...