51 matches found
CVE-2024-26151
The mjml PyPI package, found at the FelixSchwarz/mjml-python GitHub repo, is an unofficial Python port of MJML, a markup language created by Mailjet. All users of FelixSchwarz/mjml-python who insert untrusted data into mjml templates unless that data is checked in a very strict manner. User input...
Exploit for Code Injection in Mjml Mjml_App
MJML Local Code Execution PoC A Proof-Of-Concept for CVE-2024...
CVE-2024-25293
mjml-app versions 3.0.4 and 3.1.0-beta were discovered to contain a remote code execution RCE via the href attribute...
CVE-2024-25293
mjml-app versions 3.0.4 and 3.1.0-beta were discovered to contain a remote code execution RCE via the href attribute...
Remote code execution
mjml-app versions 3.0.4 and 3.1.0-beta were discovered to contain a remote code execution RCE via the href attribute...
CVE-2024-25293
CVE-2024-25293 affects mjml-app versions 3.0.4 and 3.1.0-beta. Multiple sources confirm a remote code execution (RCE) via the href attribute, notably involving the mj-button tag and path traversal, enabling local code execution. An exploit PoC is available (PoC repository linked in connected docu...
MJML App Security Vulnerability
MJML App is an MJML open source MJML desktop application. A security vulnerability exists in mjml-app version 3.0.4 and 3.1.0-beta, which stems from a Remote Code Execution RCE vulnerability in the href attribute...
CVE-2024-25293
mjml-app versions 3.0.4 and 3.1.0-beta were discovered to contain a remote code execution RCE via the href attribute...
PT-2024-20866 · Mjml-App · Mjml-App
Name of the Vulnerable Software and Affected Versions: mjml-app versions 3.0.4 through 3.1.0-beta Description: The issue allows for remote code execution RCE via the href attribute. Recommendations: For versions 3.0.4 and 3.1.0-beta, consider restricting access to the href attribute until a patch...
CVE-2024-25293
mjml-app versions 3.0.4 and 3.1.0-beta were discovered to contain a remote code execution RCE via the href attribute...
Cross Site Scripting (XSS)
mjml is vulnerable to Cross Site Scripting XSS. The vulnerability is due to improper input validation for HTML entities. This allows an attacker to insert untrusted data into MJML templates, which can result in Cross Site Scripting XSS...
GHSA-578P-FXMM-6229 Potentially untrusted input is rendered as HTML in final output
Impact All users of mjml-python who insert untrusted data into mjml templates unless that data is checked in a very strict manner. User input like script would be rendered as in the final HTML output. The attacker must be able to control some data which is later injected in an mjml template which...
Potentially untrusted input is rendered as HTML in final output
Impact All users of mjml-python who insert untrusted data into mjml templates unless that data is checked in a very strict manner. User input like script would be rendered as in the final HTML output. The attacker must be able to control some data which is later injected in an mjml template which...
CVE-2024-26151
The mjml PyPI package, found at the FelixSchwarz/mjml-python GitHub repo, is an unofficial Python port of MJML, a markup language created by Mailjet. All users of FelixSchwarz/mjml-python who insert untrusted data into mjml templates unless that data is checked in a very strict manner. User input...
CVE-2024-26151 Potentially untrusted input is rendered as HTML in final output
The mjml PyPI package, found at the FelixSchwarz/mjml-python GitHub repo, is an unofficial Python port of MJML, a markup language created by Mailjet. All users of FelixSchwarz/mjml-python who insert untrusted data into mjml templates unless that data is checked in a very strict manner. User input...
CVE-2024-26151 Potentially untrusted input is rendered as HTML in final output
The mjml PyPI package, found at the FelixSchwarz/mjml-python GitHub repo, is an unofficial Python port of MJML, a markup language created by Mailjet. All users of FelixSchwarz/mjml-python who insert untrusted data into mjml templates unless that data is checked in a very strict manner. User input...
CVE-2024-26151 Potentially untrusted input is rendered as HTML in final output
The mjml PyPI package, found at the FelixSchwarz/mjml-python GitHub repo, is an unofficial Python port of MJML, a markup language created by Mailjet. All users of FelixSchwarz/mjml-python who insert untrusted data into mjml templates unless that data is checked in a very strict manner. User input...
CVE-2024-26151
The CVE-2024-26151 issue affects the mjml-python package (FelixSchwarz/mjml-python), an unofficial Python port of MJML. The root cause is that untrusted input can be rendered as HTML in the final output when injected into mjml templates, allowing an attacker to influence email contents sent to ot...
PT-2024-21302
Name of the Vulnerable Software and Affected Versions mjml versions 0.10.0 through 0.10.x mjml version 0.11.0 is not affected, as it contains the fix for this issue. However, versions prior to 0.10.0 are also not affected. Description The issue affects users of the mjml-python library who insert...
mjml-python Cross-Site Scripting Vulnerability
mjml-python is a framework to make responsive email easy by Felix Schwarz, an individual developer. A cross-site scripting vulnerability exists in mjml-python versions prior to 0.11.0 that stems from the presence of potentially untrusted input...