41 matches found
HTML Injection
mailgen is vulnerable to HTML injection. The vulnerability is due to improper stripping of HTML tags in the generatePlaintext method when Unicode line-separator characters bypass the regex filter, which allows an attacker to inject unexpected HTML that can be interpreted as executable script...
HTML Injection
mailgen is vulnerable to HTML injection. The vulnerability is due to improper sanitization of user-supplied content and Mailgen.generatePlaintextemail retaining HTML tags from input. An attacker can supply crafted content to inject HTML into generated plaintext emails...
CVE-2025-62380
mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Mailgen versions through 2.0.31 contain an HTML injection vulnerability in plaintext emails generated with the generatePlaintext method when user generated content is supplied. The plaintext...
CVE-2025-62366
mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Mailgen versions through 2.0.30 contain an HTML injection vulnerability in plaintext emails produced by the generatePlaintext method when user‑generated content is supplied. The function attempts t...
tom-microservice (=3.2.28) potentially affected by CVE-2025-62380 via mailgen (=2.0.20)
mailgen NPM version =2.0.20 is affected by a known vulnerability. The following packages have a transitive dependency on mailgen and may be impacted: - tom-microservice =3.2.28 Source cves: CVE-2025-62380 Source advisory: SNYK:JS-MAILGEN-13559301...
GHSA-Q4W9-X3RV-4C8J Mailgen has HTML Injection and XSS Filter Bypass in Plaintext Emails
Summary An HTML injection vulnerability in plaintext emails generated by Mailgen has been discovered. Projecta are affected if the Mailgen.generatePlaintextemail method is used and passed in user-generated content. The issue was discovered and reported by Edoardo Ottavianelli @edoardottt. Details...
Cross-site Scripting (XSS)
Overview mailgen is a Generates clean, responsive HTML e-mails for sending transactional mail. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the generatePlaintext function. An attacker can execute arbitrary JavaScript code in the context of the victim's browser ...
EUVD-2025-34682
Mailgen has HTML Injection and XSS Filter Bypass in Plaintext Emails...
Mailgen has HTML Injection and XSS Filter Bypass in Plaintext Emails
Summary An HTML injection vulnerability in plaintext emails generated by Mailgen has been discovered. Projecta are affected if the Mailgen.generatePlaintextemail method is used and passed in user-generated content. The issue was discovered and reported by Edoardo Ottavianelli @edoardottt. Details...
CVE-2025-62380
mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Mailgen versions through 2.0.31 contain an HTML injection vulnerability in plaintext emails generated with the generatePlaintext method when user generated content is supplied. The plaintext...
CVE-2025-62380 Mailgen has HTML Injection and XSS Filter Bypass in Plaintext Emails
mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Mailgen versions through 2.0.31 contain an HTML injection vulnerability in plaintext emails generated with the generatePlaintext method when user generated content is supplied. The plaintext...
CVE-2025-62380 Mailgen has HTML Injection and XSS Filter Bypass in Plaintext Emails
mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Mailgen versions through 2.0.31 contain an HTML injection vulnerability in plaintext emails generated with the generatePlaintext method when user generated content is supplied. The plaintext...
CVE-2025-62380 Mailgen has HTML Injection and XSS Filter Bypass in Plaintext Emails
mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Mailgen versions through 2.0.31 contain an HTML injection vulnerability in plaintext emails generated with the generatePlaintext method when user generated content is supplied. The plaintext...
CVE-2025-62380
Mailgen (Node.js) versions up to 2.0.31 expose an HTML injection/XSS risk in plaintext output generated by generatePlaintext. The plaintext cleaning code strips HTML tags with a regex, decodes HTML entities, and then replaces decoded content; however, HTML tags containing certain Unicode line sep...
CVE-2025-62380
creationtimestamp| type| source ---|---|--- 2025-10-15 05:44:58+00:00| published-proof-of-concept| https://github.com/eladnava/mailgen/security/advisories/GHSA-q4w9-x3rv-4c8j...
mailgen 跨站脚本漏洞
mailgen is a mail generation library by the individual developer Elad Nava. A cross-site scripting vulnerability exists in mailgen version 2.0.31 and earlier, which stems from the generatePlaintext method not properly filtering HTML tags when processing user-generated content, which could lead to...
tom-microservice (=3.2.28) potentially affected by CVE-2025-62366 via mailgen (=2.0.20)
mailgen NPM version =2.0.20 is affected by a known vulnerability. The following packages have a transitive dependency on mailgen and may be impacted: - tom-microservice =3.2.28 Source cves: CVE-2025-62366 Source advisory: SNYK:JS-MAILGEN-13552209...
GHSA-XW6R-CHMH-VPMJ Mailgen has HTML Injection and XSS Filter Bypass in Plaintext Emails
Summary An HTML injection vulnerability in plaintext emails generated by Mailgen has been discovered. Your project is affected if you use the Mailgen.generatePlaintextemail method and pass in user-generated content. The issue was discovered and reported by Edoardo Ottavianelli @edoardottt. Detail...
EUVD-2025-34231
Mailgen has HTML Injection and XSS Filter Bypass in Plaintext Emails...
Mailgen has HTML Injection and XSS Filter Bypass in Plaintext Emails
Summary An HTML injection vulnerability in plaintext emails generated by Mailgen has been discovered. Your project is affected if you use the Mailgen.generatePlaintextemail method and pass in user-generated content. The issue was discovered and reported by Edoardo Ottavianelli @edoardottt. Detail...