Lucene search
K

41 matches found

OSV
OSV
added 2025/10/14 7:49 p.m.3 views

GHSA-XW6R-CHMH-VPMJ Mailgen has HTML Injection and XSS Filter Bypass in Plaintext Emails

Summary An HTML injection vulnerability in plaintext emails generated by Mailgen has been discovered. Your project is affected if you use the Mailgen.generatePlaintextemail method and pass in user-generated content. The issue was discovered and reported by Edoardo Ottavianelli @edoardottt. Detail...

2.3CVSS7.4AI score0.00395EPSS
Exploits0References4
NVD
NVD
added 2025/10/14 4:15 p.m.9 views

CVE-2025-62366

mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Mailgen versions through 2.0.30 contain an HTML injection vulnerability in plaintext emails produced by the generatePlaintext method when user‑generated content is supplied. The function attempts t...

6.3CVSS0.00395EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/14 3:23 p.m.11 views

CVE-2025-62366 Mailgen vulnerable to HTML injection and cross-site scripting via plaintext email generation

mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Mailgen versions through 2.0.30 contain an HTML injection vulnerability in plaintext emails produced by the generatePlaintext method when user‑generated content is supplied. The function attempts t...

6.3CVSS0.00395EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/14 3:23 p.m.1 views

CVE-2025-62366 Mailgen vulnerable to HTML injection and cross-site scripting via plaintext email generation

mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Mailgen versions through 2.0.30 contain an HTML injection vulnerability in plaintext emails produced by the generatePlaintext method when user‑generated content is supplied. The function attempts t...

6.3CVSS6.8AI score0.00395EPSS
Exploits0References2
CVE
CVE
added 2025/10/14 3:23 p.m.15 views

CVE-2025-62366

Summary: CVE-2025-62366 affects the Node.js package Mailgen. The vulnerability lies in generatePlaintext in versions up to 2.0.30, where encoded HTML entities are not stripped and are later decoded, producing active HTML in plaintext output. If that plaintext is rendered as HTML, attacker-control...

6.3CVSS6.8AI score0.00395EPSS
Exploits0References2
OSV
OSV
added 2025/10/14 3:23 p.m.4 views

CVE-2025-62366 Mailgen vulnerable to HTML injection and cross-site scripting via plaintext email generation

mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Mailgen versions through 2.0.30 contain an HTML injection vulnerability in plaintext emails produced by the generatePlaintext method when user‑generated content is supplied. The function attempts t...

6.3CVSS7.3AI score0.00395EPSS
Exploits0References4
CNNVD
CNNVD
added 2025/10/14 12:0 a.m.4 views

mailgen 跨站脚本漏洞

mailgen is a mail generation library by the individual developer Elad Nava. A cross-site scripting vulnerability exists in mailgen version 2.0.30 and earlier, which stems from a failure of the generatePlaintext method to properly filter encoded HTML entities, potentially leading to an HTML...

6.3CVSS6.1AI score0.00395EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/10/14 12:0 a.m.8 views

PT-2025-41969

Name of the Vulnerable Software and Affected Versions mailgen versions through 2.0.30 Description mailgen is a Node.js package used to generate responsive HTML e-mails. Versions through 2.0.30 have an issue where the generatePlaintext function does not properly remove encoded HTML entities from...

6.3CVSS6.6AI score0.00395EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-30449

Malicious code in bioql PyPI...

6.9CVSS6.4AI score0.00409EPSS
Exploits0References4
NVD
NVD
added 2025/09/22 8:15 p.m.12 views

CVE-2025-59526

mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Prior to version 2.0.30, there is an HTML injection vulnerability in plaintext e-mails generated by Mailgen. Projects are affected if the Mailgen.generatePlaintextemail method is used and given...

6.9CVSS0.00409EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/22 7:45 p.m.6 views

Cross-site Scripting (XSS)

Overview mailgen is a Generates clean, responsive HTML e-mails for sending transactional mail. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the generatePlaintext function. An attacker can inject arbitrary HTML content into plaintext emails by supplying crafted...

7.2CVSS5.3AI score0.00409EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2025/09/22 7:45 p.m.6 views

tom-microservice (=3.2.28) potentially affected by CVE-2025-59526 via mailgen (=2.0.20)

mailgen NPM version =2.0.20 is affected by a known vulnerability. The following packages have a transitive dependency on mailgen and may be impacted: - tom-microservice =3.2.28 Source cves: CVE-2025-59526 Source advisory: SNYK:JS-MAILGEN-13004540...

6.9CVSS5.8AI score0.00409EPSS
Exploits0
CVE
CVE
added 2025/09/22 7:27 p.m.20 views

CVE-2025-59526

CVE-2025-59526 affects the Node.js package mailgen. A HTML injection/XSS vulnerability exists in plaintext emails generated by Mailgen when using generatePlaintext(email) with user-provided content. The issue is fixed in version 2.0.30; a workaround is stripping HTML tags from input before passin...

6.9CVSS6.7AI score0.00409EPSS
Exploits0References2
OSV
OSV
added 2025/09/22 7:27 p.m.5 views

CVE-2025-59526 Mailgen: HTML injection vulnerability in plaintext e-mails

mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Prior to version 2.0.30, there is an HTML injection vulnerability in plaintext e-mails generated by Mailgen. Projects are affected if the Mailgen.generatePlaintextemail method is used and given...

6.9CVSS6.9AI score0.00409EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/09/22 7:27 p.m.13 views

CVE-2025-59526 Mailgen: HTML injection vulnerability in plaintext e-mails

mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Prior to version 2.0.30, there is an HTML injection vulnerability in plaintext e-mails generated by Mailgen. Projects are affected if the Mailgen.generatePlaintextemail method is used and given...

6.9CVSS0.00409EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/09/22 7:27 p.m.13 views

CVE-2025-59526 Mailgen: HTML injection vulnerability in plaintext e-mails

mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Prior to version 2.0.30, there is an HTML injection vulnerability in plaintext e-mails generated by Mailgen. Projects are affected if the Mailgen.generatePlaintextemail method is used and given...

6.9CVSS6.7AI score0.00409EPSS
Exploits0References2
OSV
OSV
added 2025/09/22 6:3 p.m.6 views

GHSA-J2XJ-H7W5-R7VP Mailgen: HTML injection vulnerability in plaintext e-mails

HTML Injection and XSS Filter Bypass in Plaintext Emails Summary An HTML injection vulnerability in plaintext emails generated by Mailgen has been discovered. Your project is affected if you use the Mailgen.generatePlaintextemail; method and pass in user-generated content. The issue was discovere...

5.3CVSS6.8AI score0.00409EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2025/09/22 6:3 p.m.9 views

tom-microservice (=3.2.28) potentially affected by CVE-2025-59526 via mailgen (=2.0.20)

mailgen NPM version =2.0.20 is affected by a known vulnerability. The following packages have a transitive dependency on mailgen and may be impacted: - tom-microservice =3.2.28 Source cves: CVE-2025-59526 Source advisory: OSV:GHSA-J2XJ-H7W5-R7VP...

6.9CVSS5.8AI score0.00409EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2025/09/22 6:3 p.m.11 views

Mailgen: HTML injection vulnerability in plaintext e-mails

HTML Injection and XSS Filter Bypass in Plaintext Emails Summary An HTML injection vulnerability in plaintext emails generated by Mailgen has been discovered. Your project is affected if you use the Mailgen.generatePlaintextemail; method and pass in user-generated content. The issue was discovere...

6.9CVSS6.9AI score0.00409EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2025/09/22 12:0 a.m.5 views

mailgen 跨站脚本漏洞

mailgen is an email generation library by the individual developer Elad Nava. A cross-site scripting vulnerability exists in mailgen versions prior to 2.0.30, which stems from a failure to properly handle user-generated content and could lead to an HTML injection attack...

6.9CVSS6AI score0.00409EPSS
Exploits0References3
Rows per page
Query Builder