247 matches found
SUSE CVE-2026-35540
An issue was discovered in Roundcube Webmail 1.6.0 before 1.6.14. Insufficient Cascading Style Sheets CSS sanitization in HTML e-mail messages may lead to SSRF or Information Disclosure, e.g., if stylesheet links point to local network hosts...
CVE-2022-0218
The WP HTML Mail WordPress plugin is vulnerable to unauthorized access which allows unauthenticated attackers to retrieve and modify theme settings due to a missing capability check on the /themesettings REST-API endpoint found in the /includes/class-template-designer.php file, in versions up to...
EUVD-2000-0328
Malware in sbrugna...
EUVD-2016-8816
Malware in sbrugna...
EUVD-2005-3689
Malware in sbrugna...
EUVD-2007-0988
Malware in sbrugna...
BIT-JOOMLA-2024-27186 [20240803] - Core - XSS in HTML Mail Templates
The mail template feature lacks an escaping mechanism, causing XSS vectors in multiple extensions...
CVE-2024-46980 Tuleap vulnerable to XSS in the HTML mail content of the cross reference field
Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.37, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15.12-6, a site administrator could create an artifact link type with a forward label allowing them ...
[20240803] - Core - XSS in HTML Mail Templates
Joomla! CMS versions 4.0.0-4.4.6, 5.0.0-5.1.2...
Elevation of Privilege Vulnerability in Multiple Mozilla Products (CNVD-2024-10433)
Mozilla Firefox is an open source web browser from the Mozilla Foundation in the U.S.A. Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is email client software that supports the IMAP and POP mail protocols as well as the HTML mail format. An...
CVE-2023-40202
Cross-Site Request Forgery CSRF vulnerability in Hannes Etzelstorfer // codemiq WP HTML Mail plugin = 3.4.1 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in Hannes Etzelstorfer // codemiq WP HTML Mail plugin = 3.4.1 versions...
CVE-2023-40202
CVE-2023-40202 concerns the WP HTML Mail plugin (WordPress) up to version 3.4.1. Technical sources indicate an unauthenticated CSRF flaw that allows an attacker to trigger actions such as test email sending without valid authorization, enabling cross-site request forgery against admins. The vulne...
CVE-2023-40202 WordPress WP HTML Mail Plugin <= 3.4.1 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Hannes Etzelstorfer // codemiq WP HTML Mail plugin = 3.4.1 versions...
CVE-2023-40202 WordPress WP HTML Mail Plugin <= 3.4.1 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Hannes Etzelstorfer // codemiq WP HTML Mail plugin = 3.4.1 versions...
WordPress WP HTML Mail Plugin <= 3.4.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software WP HTML Mail Type Plugin Vulnerable versions = 3.4.1 Fixed in 3.4.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-40202 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 21db8a0a2110 Credits István Márton Required...
CVE-2019-25144
The WP HTML Mail plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 2.2.10 due to insufficient input sanitization. This makes it possible for unauthenticated attackers to inject arbitrary HTML in pages that execute if they can successfully trick a administrator...
CVE-2019-25144
The WP HTML Mail plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 2.2.10 due to insufficient input sanitization. This makes it possible for unauthenticated attackers to inject arbitrary HTML in pages that execute if they can successfully trick a administrator...
Input validation
The WP HTML Mail plugin for WordPress is vulnerable to HTML injection in versions up to, and including, 2.2.10 due to insufficient input sanitization. This makes it possible for unauthenticated attackers to inject arbitrary HTML in pages that execute if they can successfully trick a administrator...
CVE-2019-25148
The CVE-2019-25148 issue concerns the WP HTML Mail plugin for WordPress. Affected versions up to and including 2.9.0.3 are vulnerable to HTML injection due to insufficient input sanitization in the plugin’s handling of user-supplied data. The vulnerability can be exploited by unauthenticated atta...