Lucene search

14 matches found

NVD
added 2025/12/05 6:15 p.m., 8 views

CVE-2025-66514

Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Prior to 5.5.3, a stored HTML injection in the Mail app's message list allowed an authenticated user to inject HTML into the email subjects. JavaScript was correctly blocked by the content security policy of the...

CVSS 5.4, EPSS 0.00204
Exploits: 0, References: 4
Cvelist
added 2025/12/05 5:32 p.m., 20 views

CVE-2025-66514 Nextcloud Mail stored HTML injection in subject text

Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Prior to 5.5.3, a stored HTML injection in the Mail app's message list allowed an authenticated user to inject HTML into the email subjects. JavaScript was correctly blocked by the content security policy of the...

CVSS 3.5, EPSS 0.00204
Exploits: 0, References: 4
EUVD
added 2025/12/05 5:32 p.m., 4 views

EUVD-2025-201464

Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Prior to 5.5.3, a stored HTML injection in the Mail app's message list allowed an authenticated user to inject HTML into the email subjects. JavaScript was correctly blocked by the content security policy of the...

CVSS 3.5, AI score 6.2, EPSS 0.00204
Exploits: 0, References: 4
Positive Technologies
added 2025/12/05 12:00 a.m., 10 views

PT-2025-49294

Name of the Vulnerable Software and Affected Versions: Nextcloud Mail versions prior to 5.5.3. Description: A stored HTML injection issue exists in the Mail app's message list, potentially allowing an authenticated user to inject HTML into email subjects. The Nextcloud Server’s content security poli...

CVSS 5.4, AI score 6.5, EPSS 0.00204
Exploits: 0, References: 10
OpenVAS
added 2025/02/25 12:00 a.m., 6 views

openSUSE Security Advisory (SUSE-SU-2024:0893-1)

The remote host is missing an update for the...

CVSS 7.5, AI score 9.1, EPSS 0.00682
Exploits: 1, References: 4
RedHat Linux
added 2024/03/25 8:14 p.m., 2 views

Mozilla: Leaking of encrypted email subjects to other conversations

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the...

CVSS 7.5, AI score 7.3, EPSS 0.00682
Exploits: 1, References: 5
RedHat Linux
added 2024/03/25 8:11 p.m., 42 views

Moderate: Red Hat Security Advisory: thunderbird security update

An update for thunderbird is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...

CVSS 8.8, AI score 7.1, EPSS 0.01285
Exploits: 5, References: 10
OSV
added 2024/03/25 12:00 a.m., 34 views

ALSA-2024:1493 Moderate: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.9.0. Security Fixes: nss: timing attack against RSA decryption (CVE-2023-5388); Mozilla: Crash in NSS TLS method (CVE-2024-0743); Mozilla: Leaking of encrypted email subjects to other...

CVSS 8.8, AI score 8.8, EPSS 0.01285
Exploits: 5, References: 20
WPVulnDB
added 2023/07/05 12:00 a.m., 24 views

SMTP Mail <= 1.2.16 - Unauthenticated Stored Cross-Site Scripting

The plugin does not properly sanitize and escape input in email subjects when the 'Save Data SendMail' feature is enabled, leading to potential Stored Cross-Site Scripting issues...

CVSS 7.2, AI score 5.9, EPSS 0.0043
Exploits: 0, References: 1, Affected Software: 1
WPVulnDB
added 2023/06/08 12:00 a.m., 17 views

Lana Email Logger < 1.1.0 - Unauthenticated Stored Cross-Site Scripting

The plugin does not properly sanitize and escape input in email subjects, leading to potential Stored Cross-Site Scripting issues...

CVSS 7.2, AI score 5.9, EPSS 0.00462
Exploits: 0, References: 1, Affected Software: 1
Prion
added 2019/02/11 8:29 p.m., 14 views

SQL injection

SQL Injection in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the selectmid parameter in a letgo.cgi request...

CVSS 5, AI score 6, EPSS 0.01229
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2019/02/11 8:00 p.m., 17 views

CVE-2018-17542 SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds

SQL Injection in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the selectmid parameter in a letgo.cgi request...

CVSS 4.3, AI score 6, EPSS 0.01229
Exploits: 0, References: 2
Cisco Threats
added 2015/08/17 2:20 p.m., 6 views

Threat Outbreak Alert RuleID17380: Email Messages Distributing Malicious Software on July 13, 2016

Medium. Alert ID: 40526. First Published: 2015 August 17 14:20 GMT. Last Updated: 2016 July 15 13:56 GMT. Version: 12. Summary: Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID17380 and...

AI score 0.3
Exploits: 0
Cisco Threats
added 2014/06/27 1:59 p.m., 8 views

Threat Outbreak Alert RuleID10465: Email Messages Distributing Malicious Software on July 1, 2014

Medium. Alert ID: 34769. First Published: 2014 June 27 13:59 GMT. Last Updated: 2014 July 3 12:53 GMT. Version: 3. Summary: Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID10465 and...

AI score 0.9
Exploits: 0