CVE-2019-15054
Multiple cross-site scripting (XSS) vulnerabilities in Mailbird before 2.7.5.0 allow remote attackers to execute arbitrary JavaScript in a privileged context via a crafted HTML mail message. This vulnerability is distinct from CVE-2015-4657...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Mailbird before 2.7.5.0 allow remote attackers to execute arbitrary JavaScript in a privileged context via a crafted HTML mail message. This vulnerability is distinct from CVE-2015-4657...
CVE-2019-15054
Mailbird before 2.7.5.0 is affected by CVE-2019-15054: XSS via a crafted HTML mail message allows remote execution of arbitrary JavaScript in a privileged context. Upgrade to Mailbird 2.7.5.0 or newer. This CVE is distinct from CVE-2015-4657.
Open-Xchange OX Guard Cross Site Scripting / Signature Validation
Dear subscribers, we're sharing our latest advisory with you and would like to thank everyone who contributed in finding and solving those vulnerabilities. Feel free to join our bug bounty programs (appsuite, dovecot, powerdns) at HackerOne. Yours sincerely, Martin Heiland, Open-Xchange GmbH Product: OX...
HTML Mail - Critical - Remote Code Execution - SA-CONTRIB-2018-069
The HTML Mail module lets you theme your messages the same way you theme the rest of your website. When sending email some variables were not being sanitized for shell arguments, which could lead to remote code execution. This issue is related to the Drupal Core release SA-CORE-2018-006...
Roundcube stored cross-site scripting vulnerability in the mail body (CVE-2017-6820)
Author: Badcode, sebao (Knownsec 404 Security Lab) Date: 2017-03-17 0x00 Vulnerability overview 1. Vulnerability description Roundcube is a widely used open-source e-mail program, in use by many organizations and companies around the world. Once it is successfully installed on the server...
CVE-2016-7968
KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. HTML Mail contents were not sanitized for JavaScript and included code was executed...
Design/Logic Flaw
KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. HTML Mail contents were not sanitized for JavaScript and included code was executed...
UBUNTU-CVE-2016-7968
KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. HTML Mail contents were not sanitized for JavaScript and included code was executed...
CVE-2016-7968
CVE-2016-7968 affects KMail (KDE PIM) where a QWebEngine-based HTML mail viewer with JavaScript enabled could execute code in HTML mail content. Root cause: insufficient sanitization in the viewer, enabling JavaScript execution. Impact stated in sources centers on potential code execution via HTM...
WordPress WP-Ecommerce-Shop-Styling 2.5 File Download
Title: Remote file download vulnerability in wordpress plugin wp-ecommerce-shop-styling v2.5 Author: Larry W. Cashdollar, @larry0 Date: 2015-07-05 Download Site: https://wordpress.org/plugins/wp-ecommerce-shop-styling Vendor: https://profiles.wordpress.org/haet/ Vendor Notified: 2015-07-05, fixed...
WordPress Plugin WP E-Commerce Shop Styling 2.5 - Arbitrary File Download
Title: Remote file download vulnerability in wordpress plugin wp-ecommerce-shop-styling v2.5 Author: Larry W. Cashdollar, @larry0 Date: 2015-07-05 Download Site: https://wordpress.org/plugins/wp-ecommerce-shop-styling Vendor: https://profiles.wordpress.org/haet/ Vendor Notified: 2015-07-05, fixed...
thunderbird security update
CentOS Errata and Security Advisory CESA-2015:0642 An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base...
Scientific Linux Security Update : thunderbird on SL5.x, SL6.x i386/x86_64 (20150113)
Two flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. (CVE-2014-8634, CVE-2014-8639) It was found that the Beacon interface...
Important: Red Hat Security Advisory: thunderbird security update
An updated thunderbird package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings,...
Microsoft Outlook Express 5.5 DoS Device Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/4584/info A denial of service issue has been reported in Microsoft Outlook Express. Reportedly, Outlook Express does not adequately handle unusually crafted HTML mail messages. Modifying the BGSOUND or IFRAME tag to conta...