17 matches found
October CMS Has Stored XSS In Event Log Mail Preview
A stored cross-site scripting (XSS) vulnerability was identified in the Event Log mail preview feature. When viewing logged mail messages, HTML content was rendered in an iframe without proper sandboxing, allowing JavaScript execution in the viewer's browser context. Impact - Stored XSS via mail...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the mail preview feature of the Event Log, where HTML content is rendered in an iframe without proper sandboxing. An attacker can execute arbitrary JavaScript in the context of a privileged user's browser by...
EUVD-2026-22660
October CMS has Stored XSS in Event Log Mail Preview...
October CMS has Stored XSS in Event Log Mail Preview
A stored cross-site scripting (XSS) vulnerability was identified in the Event Log mail preview feature. When viewing logged mail messages, HTML content was rendered in an iframe without proper sandboxing, allowing JavaScript execution in the viewer's browser context. Impact - Stored XSS via mail...
GHSA-J4J5-9X6G-RGXC October CMS has Stored XSS in Event Log Mail Preview
A stored cross-site scripting (XSS) vulnerability was identified in the Event Log mail preview feature. When viewing logged mail messages, HTML content was rendered in an iframe without proper sandboxing, allowing JavaScript execution in the viewer's browser context. Impact - Stored XSS via mail...
CVE-2026-24907
October is a Content Management System (CMS) and web platform. Versions prior to 3.7.14 and 4.1.10 contain a stored cross-site scripting (XSS) vulnerability in the Event Log mail preview feature. When viewing logged mail messages, HTML content was rendered in an iframe without proper sandboxing,...
CVE-2026-24907
October is a Content Management System (CMS) and web platform. Versions prior to 3.7.14 and 4.1.10 contain a stored cross-site scripting (XSS) vulnerability in the Event Log mail preview feature. When viewing logged mail messages, HTML content was rendered in an iframe without proper sandboxing,...
CVE-2026-24907 October CMS has Stored XSS via Event Log Mail Preview
October is a Content Management System (CMS) and web platform. Versions prior to 3.7.14 and 4.1.10 contain a stored cross-site scripting (XSS) vulnerability in the Event Log mail preview feature. When viewing logged mail messages, HTML content was rendered in an iframe without proper sandboxing,...
CVE-2026-24907
CVE-2026-24907 affects October CMS: versions prior to 3.7.14 and 4.1.10 contain a stored XSS in the Event Log mail preview feature. HTML is rendered in an iframe without proper sandboxing when viewing logged mail messages, allowing JavaScript execution in the viewer’s browser context. The issue i...
CVE-2026-24907 October CMS has Stored XSS via Event Log Mail Preview
October is a Content Management System (CMS) and web platform. Versions prior to 3.7.14 and 4.1.10 contain a stored cross-site scripting (XSS) vulnerability in the Event Log mail preview feature. When viewing logged mail messages, HTML content was rendered in an iframe without proper sandboxing,...
PT-2026-32727
A stored cross-site scripting (XSS) vulnerability was identified in the Event Log mail preview feature. When viewing logged mail messages, HTML content was rendered in an iframe without proper sandboxing, allowing JavaScript execution in the viewer's browser context. Impact - Stored XSS via mail...
CVE-2024-8113 Stored XSS in Placeholder Samples in Mail Preview
Stored XSS in organizer and event settings of pretix up to 2024.7.0 allows malicious event organizers to inject HTML tags into e-mail previews on settings page. The default Content Security Policy of pretix prevents execution of attacker-provided scripts, making exploitation unlikely. However,...
CVE-2024-8113
CVE-2024-8113 affects pretix up to version 2024.7.0, where stored XSS exists in organizer/event settings and can affect email previews on the settings page. The default CSP mitigates script execution, reducing exploitability, and exploitation would require a CSP bypass (not currently known). The ...
Fedora 31 : roundcubemail (2020-2a1a6a8432)
RELEASE 1.4.6 - Installer: Fix regression in SMTP test section 7417 ---- RELEASE 1.4.5 - Fix bug in extracting required plugins from composer.json that led to spurious error in log 7364 - Fix so the database setup description is compatible with MySQL 8 7340 - Markasjunk: Fix regression in jsevent...
CVE-2017-7440
Kerio Connect 8.0.0 through 9.2.2, and Kerio Connect Client desktop application for Windows and Mac 9.2.0 through 9.2.2, when e-mail preview is enabled, allows remote attackers to conduct clickjacking attacks via a crafted e-mail message...
Views Send - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2016-061
The Views Send module enables you to send mail to multiple users from a View. The module doesn't sufficiently filter potential user-supplied data when previewing the e-mail which can lead to a Cross Site Scripting (XSS) vulnerability. This vulnerability is mitigated by the fact that an attacker mus...
Gmail Checker Plus Chrome Extension Cross Site Scripting
Gmail Checker plus Chrome extension XSS extension: https://chrome.google.com/extensions/detail/mihcahmgecmbnbcchbopgniflfhgnkff advisory: http://lostmon.blogspot.com/2010/06/gmail-checker-plus-chrome-extension-xss.html Exploit available: yes So in this case "Google Mail Checker Plus" version 1.1.7...