6 matches found

Veracode
added 2025/12/02 1:9 p.m., 4 views

HTML Injection

mailgen is vulnerable to HTML injection. The vulnerability is due to improper stripping of HTML tags in the generatePlaintext method when Unicode line-separator characters bypass the regex filter, which allows an attacker to inject unexpected HTML that can be interpreted as executable script...

6.3 CVSS, 7 AI score, 0.0013 EPSS
Exploits: 0, References: 2, Affected Software: 1
OSV
added 2025/10/15 7:29 p.m., 1 views

GHSA-Q4W9-X3RV-4C8J Mailgen has HTML Injection and XSS Filter Bypass in Plaintext Emails

Summary: An HTML injection vulnerability in plaintext emails generated by Mailgen has been discovered. Projects are affected if the Mailgen.generatePlaintextemail method is used and passed in user-generated content. The issue was discovered and reported by Edoardo Ottavianelli @edoardottt. Details...

2.3 CVSS, 7.3 AI score, 0.0013 EPSS
Exploits: 0, References: 4
Github Security Blog
added 2025/10/15 7:29 p.m., 4 views

Mailgen has HTML Injection and XSS Filter Bypass in Plaintext Emails

Summary: An HTML injection vulnerability in plaintext emails generated by Mailgen has been discovered. Projects are affected if the Mailgen.generatePlaintextemail method is used and passed in user-generated content. The issue was discovered and reported by Edoardo Ottavianelli @edoardottt. Details...

6.3 CVSS, 7.4 AI score, 0.0013 EPSS
Exploits: 0, References: 4, Affected Software: 1
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2007-1448

Malware in sbrugna...

4.3 CVSS, 6.1 AI score, 0.00494 EPSS
Exploits: 0, References: 10
OSV
added 2024/12/04 8:8 p.m., 1 views

USN-7136-2 python-django vulnerability

USN-7136-1 fixed a vulnerability in Django. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: jiangniao discovered that Django incorrectly handled the API to strip tags. A remote attacker could possibly use this issue to cause Djan...

7.5 CVSS, 7.3 AI score, 0.01038 EPSS
Exploits: 0, References: 2
securityvulns
added 2005/12/06 12:0 a.m., 17 views

Horde IMP Webmail Client XSS all versions

Hello All, PRELUDE What is HORDE? http://www.horde.org/about/ The Mission The Horde Project is about creating high quality Open Source applications, based on PHP and the Horde Framework. The guiding principles of the Horde Project are to create solid standards-based applications using intelligent...

0.1 AI score
Exploits: 0