Lucene search
K

51 matches found

RedhatCVE
RedhatCVE
added 2025/02/04 10:55 p.m.6 views

CVE-2024-26151

The mjml PyPI package, found at the FelixSchwarz/mjml-python GitHub repo, is an unofficial Python port of MJML, a markup language created by Mailjet. All users of FelixSchwarz/mjml-python who insert untrusted data into mjml templates unless that data is checked in a very strict manner. User input...

8.2CVSS8.2AI score0.00621EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2024/09/06 6:12 a.m.583 views

Exploit for Code Injection in Mjml Mjml_App

MJML Local Code Execution PoC A Proof-Of-Concept for CVE-2024...

9.3CVSS8.5AI score0.00994EPSS
Exploits2
OSV
OSV
added 2024/03/01 6:15 a.m.3 views

CVE-2024-25293

mjml-app versions 3.0.4 and 3.1.0-beta were discovered to contain a remote code execution RCE via the href attribute...

9.3CVSS6.3AI score0.00994EPSS
Exploits2References1
NVD
NVD
added 2024/03/01 6:15 a.m.25 views

CVE-2024-25293

mjml-app versions 3.0.4 and 3.1.0-beta were discovered to contain a remote code execution RCE via the href attribute...

9.3CVSS8AI score0.00994EPSS
Exploits2References1
Prion
Prion
added 2024/03/01 6:15 a.m.18 views

Remote code execution

mjml-app versions 3.0.4 and 3.1.0-beta were discovered to contain a remote code execution RCE via the href attribute...

8.7AI score0.00994EPSS
Exploits2References1
CVE
CVE
added 2024/03/01 12:0 a.m.84 views

CVE-2024-25293

CVE-2024-25293 affects mjml-app versions 3.0.4 and 3.1.0-beta. Multiple sources confirm a remote code execution (RCE) via the href attribute, notably involving the mj-button tag and path traversal, enabling local code execution. An exploit PoC is available (PoC repository linked in connected docu...

9.3CVSS8.2AI score0.00994EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2024/03/01 12:0 a.m.4 views

MJML App Security Vulnerability

MJML App is an MJML open source MJML desktop application. A security vulnerability exists in mjml-app version 3.0.4 and 3.1.0-beta, which stems from a Remote Code Execution RCE vulnerability in the href attribute...

9.3CVSS7.3AI score0.00994EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2024/03/01 12:0 a.m.15 views

CVE-2024-25293

mjml-app versions 3.0.4 and 3.1.0-beta were discovered to contain a remote code execution RCE via the href attribute...

8.6AI score0.00994EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2024/03/01 12:0 a.m.4 views

PT-2024-20866 · Mjml-App · Mjml-App

Name of the Vulnerable Software and Affected Versions: mjml-app versions 3.0.4 through 3.1.0-beta Description: The issue allows for remote code execution RCE via the href attribute. Recommendations: For versions 3.0.4 and 3.1.0-beta, consider restricting access to the href attribute until a patch...

9.3CVSS7.3AI score0.00994EPSS
Exploits2References4
Cvelist
Cvelist
added 2024/03/01 12:0 a.m.25 views

CVE-2024-25293

mjml-app versions 3.0.4 and 3.1.0-beta were discovered to contain a remote code execution RCE via the href attribute...

8.2AI score0.00994EPSS
Exploits2References1
Veracode
Veracode
added 2024/02/23 8:14 a.m.12 views

Cross Site Scripting (XSS)

mjml is vulnerable to Cross Site Scripting XSS. The vulnerability is due to improper input validation for HTML entities. This allows an attacker to insert untrusted data into MJML templates, which can result in Cross Site Scripting XSS...

8.2CVSS6.2AI score0.00621EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2024/02/22 9:40 p.m.11 views

GHSA-578P-FXMM-6229 Potentially untrusted input is rendered as HTML in final output

Impact All users of mjml-python who insert untrusted data into mjml templates unless that data is checked in a very strict manner. User input like script would be rendered as in the final HTML output. The attacker must be able to control some data which is later injected in an mjml template which...

8.2CVSS6.3AI score0.00621EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2024/02/22 9:40 p.m.28 views

Potentially untrusted input is rendered as HTML in final output

Impact All users of mjml-python who insert untrusted data into mjml templates unless that data is checked in a very strict manner. User input like script would be rendered as in the final HTML output. The attacker must be able to control some data which is later injected in an mjml template which...

8.2CVSS6.4AI score0.00621EPSS
Exploits1References7Affected Software1
NVD
NVD
added 2024/02/22 7:15 p.m.32 views

CVE-2024-26151

The mjml PyPI package, found at the FelixSchwarz/mjml-python GitHub repo, is an unofficial Python port of MJML, a markup language created by Mailjet. All users of FelixSchwarz/mjml-python who insert untrusted data into mjml templates unless that data is checked in a very strict manner. User input...

8.2CVSS8AI score0.00621EPSS
Exploits1References6
OSV
OSV
added 2024/02/22 6:37 p.m.24 views

CVE-2024-26151 Potentially untrusted input is rendered as HTML in final output

The mjml PyPI package, found at the FelixSchwarz/mjml-python GitHub repo, is an unofficial Python port of MJML, a markup language created by Mailjet. All users of FelixSchwarz/mjml-python who insert untrusted data into mjml templates unless that data is checked in a very strict manner. User input...

8.2CVSS7.8AI score0.00621EPSS
Exploits1References8
Cvelist
Cvelist
added 2024/02/22 6:37 p.m.41 views

CVE-2024-26151 Potentially untrusted input is rendered as HTML in final output

The mjml PyPI package, found at the FelixSchwarz/mjml-python GitHub repo, is an unofficial Python port of MJML, a markup language created by Mailjet. All users of FelixSchwarz/mjml-python who insert untrusted data into mjml templates unless that data is checked in a very strict manner. User input...

8.2CVSS8.2AI score0.00621EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2024/02/22 6:37 p.m.20 views

CVE-2024-26151 Potentially untrusted input is rendered as HTML in final output

The mjml PyPI package, found at the FelixSchwarz/mjml-python GitHub repo, is an unofficial Python port of MJML, a markup language created by Mailjet. All users of FelixSchwarz/mjml-python who insert untrusted data into mjml templates unless that data is checked in a very strict manner. User input...

8.2CVSS8AI score0.00621EPSS
Exploits1References5
CVE
CVE
added 2024/02/22 6:37 p.m.98 views

CVE-2024-26151

The CVE-2024-26151 issue affects the mjml-python package (FelixSchwarz/mjml-python), an unofficial Python port of MJML. The root cause is that untrusted input can be rendered as HTML in the final output when injected into mjml templates, allowing an attacker to influence email contents sent to ot...

8.2CVSS8AI score0.00621EPSS
Exploits1References6Affected Software1
Positive Technologies
Positive Technologies
added 2024/02/22 12:0 a.m.5 views

PT-2024-21302

Name of the Vulnerable Software and Affected Versions mjml versions 0.10.0 through 0.10.x mjml version 0.11.0 is not affected, as it contains the fix for this issue. However, versions prior to 0.10.0 are also not affected. Description The issue affects users of the mjml-python library who insert...

8.2CVSS7.1AI score0.00621EPSS
Exploits1References16
CNNVD
CNNVD
added 2024/02/22 12:0 a.m.3 views

mjml-python Cross-Site Scripting Vulnerability

mjml-python is a framework to make responsive email easy by Felix Schwarz, an individual developer. A cross-site scripting vulnerability exists in mjml-python versions prior to 0.11.0 that stems from the presence of potentially untrusted input...

8.2CVSS6.1AI score0.00621EPSS
Exploits1References7
Rows per page
Query Builder