247 matches found
CVE-2021-20779
The CVE-2021-20779 issue affects the WordPress plugin WordPress Email Template Designer - WP HTML Mail, specifically versions prior to 3.0.8. The vulnerability is Cross-site Request Forgery (CSRF) that can allow an attacker to hijack administrator authentication via unspecified vectors. Root caus...
WordPress Cross-Site Request Forgery Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Email Template Designer - WP HTML Mail versions prior to 3.0.8 A cross-site request forger...
WordPress WP HTML Mail plugin <= 3.0.6 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability discovered by Konan Nagashima in WordPress WP HTML Mail plugin versions <= 3.0.6. Solution: Update the WordPress WP HTML Mail plugin to the latest available version (at least 3.0.8)...
WP HTML Mail < 3.0.8 - CSRF to XSS
The plugin did not have any CSRF protection in place when saving its options, which could allow an attacker to make a logged-in administrator change them. Due to the lack of sanitisation in some of them, Stored XSS could also be achieved...
Arbitrary Code Execution
thunderbird is vulnerable to arbitrary code execution. The vulnerability exists because an HTML mail message containing malicious content could possibly lead to arbitrary code execution with the privileges of the user running Thunderbird...
Denial Of Service (DoS)
Mozilla Thunderbird is vulnerable to denial of service (DoS). An arbitrary memory write flaw was found in the way Thunderbird handled out-of-memory conditions. If all memory was consumed when a user viewed a malicious HTML mail message, it could possibly lead to arbitrary code execution with the...
Denial Of Service (DoS)
Mozilla Thunderbird is vulnerable to denial of service (DoS). A flaw was found in the way Thunderbird displayed multiple marquee elements. A malformed HTML mail message could cause Thunderbird to execute arbitrary code with the privileges of the user running Thunderbird...
Arbitrary Code Execution
thunderbird is vulnerable to arbitrary code execution. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running...
Arbitrary Code Execution
thunderbird is vulnerable to arbitrary code execution. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running...
Arbitrary Code Execution
thunderbird is vulnerable to arbitrary code execution. The vulnerability exists because an HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird...
Cross-Site Scripting (XSS)
squirrelmail is vulnerable to cross-site scripting. Insufficient HTML mail sanitization allows a remote attacker to send a specially-crafted HTML mail or attachment that could cause a user's Web browser to execute a malicious script in the context of the SquirrelMail session when that email or...
Same-Origin Policy Bypass
thunderbird is vulnerable to same-origin policy bypass. Several flaws were found in the way malformed content was processed. An HTML mail message containing specially-crafted content could potentially trick a Thunderbird user into surrendering sensitive information...
Arbitrary Code Execution
thunderbird is vulnerable to arbitrary code execution. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird...
Arbitrary Code Execution
thunderbird is vulnerable to arbitrary code execution. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird...
Arbitrary Code Execution
thunderbird is vulnerable to arbitrary code execution. Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird...
Cross-Site Request Forgery (CSRF)
thunderbird is vulnerable to cross-site request forgery. A race condition existed when Thunderbird set the "window.location" property when displaying HTML mail content. This flaw could allow an HTML mail message to set an arbitrary Referer header, which may lead to a Cross-site Request Forgery CSR...
Cross-Site Scripting (XSS)
thunderbird is vulnerable to cross-site scripting. A cross-site scripting flaw was found in the way Thunderbird handled the jar: URI scheme. It may be possible for a malicious HTML mail message to leverage this flaw, and conduct a cross-site scripting attack against a user running Thunderbird...
Same-Origin Policy Bypass
thunderbird is vulnerable to same-origin policy bypass. A flaw was found in the way Thunderbird handled the "location.hostname" value during certain browser domain checks. This flaw could allow a malicious HTML mail message to set domain cookies for an arbitrary site, or possibly perform an XSS...
Clickjacking
thunderbird is vulnerable to clickjacking. A flaw was found in the way Thunderbird displayed certain web content. A malicious HTML mail message could generate content which could overlay user interface elements such as the hostname and security indicators, tricking a user into thinking they are...
Cross-Site Scripting (XSS)
thunderbird is vulnerable to cross-site scripting. Several cross-site scripting (XSS) flaws were found in the way Thunderbird processed certain malformed HTML mail messages. A malicious HTML mail message could display misleading information which may result in a user unknowingly divulging sensitive...