41 matches found
GHSA-XW6R-CHMH-VPMJ Mailgen has HTML Injection and XSS Filter Bypass in Plaintext Emails
Summary An HTML injection vulnerability in plaintext emails generated by Mailgen has been discovered. Your project is affected if you use the Mailgen.generatePlaintextemail method and pass in user-generated content. The issue was discovered and reported by Edoardo Ottavianelli @edoardottt. Detail...
CVE-2025-62366
mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Mailgen versions through 2.0.30 contain an HTML injection vulnerability in plaintext emails produced by the generatePlaintext method when user‑generated content is supplied. The function attempts t...
CVE-2025-62366 Mailgen vulnerable to HTML injection and cross-site scripting via plaintext email generation
mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Mailgen versions through 2.0.30 contain an HTML injection vulnerability in plaintext emails produced by the generatePlaintext method when user‑generated content is supplied. The function attempts t...
CVE-2025-62366 Mailgen vulnerable to HTML injection and cross-site scripting via plaintext email generation
mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Mailgen versions through 2.0.30 contain an HTML injection vulnerability in plaintext emails produced by the generatePlaintext method when user‑generated content is supplied. The function attempts t...
CVE-2025-62366
Summary: CVE-2025-62366 affects the Node.js package Mailgen. The vulnerability lies in generatePlaintext in versions up to 2.0.30, where encoded HTML entities are not stripped and are later decoded, producing active HTML in plaintext output. If that plaintext is rendered as HTML, attacker-control...
CVE-2025-62366 Mailgen vulnerable to HTML injection and cross-site scripting via plaintext email generation
mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Mailgen versions through 2.0.30 contain an HTML injection vulnerability in plaintext emails produced by the generatePlaintext method when user‑generated content is supplied. The function attempts t...
mailgen 跨站脚本漏洞
mailgen is a mail generation library by the individual developer Elad Nava. A cross-site scripting vulnerability exists in mailgen version 2.0.30 and earlier, which stems from a failure of the generatePlaintext method to properly filter encoded HTML entities, potentially leading to an HTML...
PT-2025-41969
Name of the Vulnerable Software and Affected Versions mailgen versions through 2.0.30 Description mailgen is a Node.js package used to generate responsive HTML e-mails. Versions through 2.0.30 have an issue where the generatePlaintext function does not properly remove encoded HTML entities from...
EUVD-2025-30449
Malicious code in bioql PyPI...
CVE-2025-59526
mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Prior to version 2.0.30, there is an HTML injection vulnerability in plaintext e-mails generated by Mailgen. Projects are affected if the Mailgen.generatePlaintextemail method is used and given...
Cross-site Scripting (XSS)
Overview mailgen is a Generates clean, responsive HTML e-mails for sending transactional mail. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the generatePlaintext function. An attacker can inject arbitrary HTML content into plaintext emails by supplying crafted...
tom-microservice (=3.2.28) potentially affected by CVE-2025-59526 via mailgen (=2.0.20)
mailgen NPM version =2.0.20 is affected by a known vulnerability. The following packages have a transitive dependency on mailgen and may be impacted: - tom-microservice =3.2.28 Source cves: CVE-2025-59526 Source advisory: SNYK:JS-MAILGEN-13004540...
CVE-2025-59526
CVE-2025-59526 affects the Node.js package mailgen. A HTML injection/XSS vulnerability exists in plaintext emails generated by Mailgen when using generatePlaintext(email) with user-provided content. The issue is fixed in version 2.0.30; a workaround is stripping HTML tags from input before passin...
CVE-2025-59526 Mailgen: HTML injection vulnerability in plaintext e-mails
mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Prior to version 2.0.30, there is an HTML injection vulnerability in plaintext e-mails generated by Mailgen. Projects are affected if the Mailgen.generatePlaintextemail method is used and given...
CVE-2025-59526 Mailgen: HTML injection vulnerability in plaintext e-mails
mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Prior to version 2.0.30, there is an HTML injection vulnerability in plaintext e-mails generated by Mailgen. Projects are affected if the Mailgen.generatePlaintextemail method is used and given...
CVE-2025-59526 Mailgen: HTML injection vulnerability in plaintext e-mails
mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Prior to version 2.0.30, there is an HTML injection vulnerability in plaintext e-mails generated by Mailgen. Projects are affected if the Mailgen.generatePlaintextemail method is used and given...
GHSA-J2XJ-H7W5-R7VP Mailgen: HTML injection vulnerability in plaintext e-mails
HTML Injection and XSS Filter Bypass in Plaintext Emails Summary An HTML injection vulnerability in plaintext emails generated by Mailgen has been discovered. Your project is affected if you use the Mailgen.generatePlaintextemail; method and pass in user-generated content. The issue was discovere...
tom-microservice (=3.2.28) potentially affected by CVE-2025-59526 via mailgen (=2.0.20)
mailgen NPM version =2.0.20 is affected by a known vulnerability. The following packages have a transitive dependency on mailgen and may be impacted: - tom-microservice =3.2.28 Source cves: CVE-2025-59526 Source advisory: OSV:GHSA-J2XJ-H7W5-R7VP...
Mailgen: HTML injection vulnerability in plaintext e-mails
HTML Injection and XSS Filter Bypass in Plaintext Emails Summary An HTML injection vulnerability in plaintext emails generated by Mailgen has been discovered. Your project is affected if you use the Mailgen.generatePlaintextemail; method and pass in user-generated content. The issue was discovere...
mailgen 跨站脚本漏洞
mailgen is an email generation library by the individual developer Elad Nava. A cross-site scripting vulnerability exists in mailgen versions prior to 2.0.30, which stems from a failure to properly handle user-generated content and could lead to an HTML injection attack...