455 matches found
CVE-2022-31049
CVE-2022-31049 – TYPO3 Frontend Login Mailer XSS is a cross‑site scripting vulnerability in TYPO3. Prior to TYPO3 versions 9.5.34 ELTS, 10.4.29, and 11.5.11, user-submitted content was not properly encoded in HTML emails sent to users, with the actual affected components being mail clients that v...
Mageia: Security Advisory (MGASA-2014-0114)
The remote host is missing an update for the...
DEBIAN-CVE-2021-46144
Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via an HTML e-mail message with crafted Cascading Style Sheets (CSS) token sequences...
CVE-2021-46144
Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via an HTML e-mail message with crafted Cascading Style Sheets (CSS) token sequences...
Cross-site Scripting (XSS)
Roundcube is vulnerable to cross-site scripting (XSS). The vulnerability exists through specific CSS token sequences during HTML email rendering, which allows an attacker to inject and execute arbitrary JavaScript...
DEBIAN-CVE-2021-26925
Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering...
CVE-2021-26925
Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering...
MGASA-2021-0010 Updated squirrelmail packages fix security vulnerabilities
XSS was discovered in SquirrelMail through 1.4.22. Due to improper handling of RCDATA and RAWTEXT type elements, the built-in sanitization mechanism can be bypassed. Malicious script content from HTML e-mail can be executed within the application context via crafted use of for example a NOEMBED,...
USN-4669-1 squirrelmail vulnerability
It was discovered that a cross-site scripting (XSS) vulnerability in SquirrelMail allows remote attackers to use malicious script content from HTML e-mail to execute code and/or provoke a denial of service...
Ubuntu 16.04 LTS : SquirrelMail vulnerability (USN-4669-1)
The remote Ubuntu 16.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-4669-1 advisory. It was discovered that a cross-site scripting (XSS) vulnerability in SquirrelMail allows remote attackers to use malicious script content from HTML e-mail to execut...
Microsoft Outlook HTML Email Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Outlook. User interaction is required to exploit this vulnerability in that the target must open a malicious email or view it in the preview pane. The specific flaw exists within th...
Microsoft Outlook HTML Email Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Outlook. User interaction is required to exploit this vulnerability in that the target must open a malicious email or view it in the preview pane. The specific flaw exists within the parsin...
DEBIAN-CVE-2020-15562
An issue was discovered in Roundcube Webmail before 1.2.11, 1.3.x before 1.3.14, and 1.4.x before 1.4.7. It allows XSS via a crafted HTML e-mail message, as demonstrated by a JavaScript payload in the xmlns (aka XML namespace) attribute of a HEAD element when an SVG element exists...
CVE-2020-15562
An issue was discovered in Roundcube Webmail before 1.2.11, 1.3.x before 1.3.14, and 1.4.x before 1.4.7. It allows XSS via a crafted HTML e-mail message, as demonstrated by a JavaScript payload in the xmlns (aka XML namespace) attribute of a HEAD element when an SVG element exists...
UBUNTU-CVE-2020-15562
An issue was discovered in Roundcube Webmail before 1.2.11, 1.3.x before 1.3.14, and 1.4.x before 1.4.7. It allows XSS via a crafted HTML e-mail message, as demonstrated by a JavaScript payload in the xmlns (aka XML namespace) attribute of a HEAD element when an SVG element exists...
Information Disclosure
SeaMonkey is vulnerable to information disclosure. The scriptable plugin content allows remote attackers to obtain confidential information via malicious content in an IFRAME element in an HTML email message...
Cross-Site Request Forgery (CSRF)
SquirrelMail is vulnerable to cross-site request forgery. SquirrelMail did not sufficiently check arguments to IMG tags in HTML e-mail messages. This could be exploited by an attacker by sending arbitrary e-mail messages on behalf of a SquirrelMail user tricked into opening a maliciously crafted...
Denial Of Service (DoS)
SpamAssassin is vulnerable to denial of service (DoS). The vulnerability exists because of a flaw in the way SpamAssassin processes HTML email containing URIs. A carefully crafted mail message could cause SpamAssassin to consume significant resources. If a number of these messages are sent, this...
NewStart CGSL CORE 5.04 / MAIN 5.04 : spamassassin Multiple Vulnerabilities (NS-SA-2019-0041)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has spamassassin packages installed that are affected by multiple vulnerabilities: - A flaw was found in the way a local user on the SpamAssassin server could inject code in the meta rule syntax. This could cause the arbitrary...