CVE-2026-3455

Versions of the package mailparser before 3.9.3 are vulnerable to Cross-site Scripting XSS via the textToHtml function due to the improper sanitisation of URLs in the email content. An attacker can execute arbitrary scripts in victim browsers by adding extra quote " to the URL with embedded...

mailparser vulnerable to Cross-site Scripting

Versions of the package mailparser before 3.9.3 are vulnerable to Cross-site Scripting XSS via the textToHtml function due to the improper sanitisation of URLs in the email content. An attacker can execute arbitrary scripts in victim browsers by adding extra quote " to the URL with embedded...

CVE-2026-3455

Versions of the package mailparser before 3.9.3 are vulnerable to Cross-site Scripting XSS via the textToHtml function due to the improper sanitisation of URLs in the email content. An attacker can execute arbitrary scripts in victim browsers by adding extra quote " to the URL with embedded...

CVE-2026-3455

Summary: CVE-2026-3455 affects the node package mailparser up to version 3.9.3. Vulnerability: XSS via the textToHtml() function caused by improper sanitisation of URLs in email content. An attacker can execute arbitrary JavaScript in the victim’s browser by supplying a URL with an extra quote ch...

PT-2026-22720

Name of the Vulnerable Software and Affected Versions mailparser versions prior to 3.9.3 Description The package mailparser is susceptible to Cross-site Scripting XSS due to insufficient sanitization of URLs within email content. Specifically, the textToHtml function does not properly handle URLs...

mailparser 安全漏洞

MailParser is an email parser developed by Nodemailer as open source software. Versions of MailParser prior to 3.9.3 contained a security vulnerability. This vulnerability stemmed from the textToHtml function’s improper handling of URLs in email content, which could lead to cross-site scripting...

Cross-site Scripting (XSS)

Overview mailparser is an email parser. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the textToHtml function due to the improper sanitisation of URLs in the email content. An attacker can execute arbitrary scripts in victim browsers by adding extra quote " to t...

Linux Distros Unpatched Vulnerability : CVE-2021-26929

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An XSS issue was discovered in Horde Groupware Webmail Edition through 5.2.22 where the HordeTextFilter library before 2.3.7 is used. The attacker can send a...

[SECURITY] Fedora 35 Update: python-markdown2-2.4.2-1.fc35

Markdown is a text-to-HTML filter; it translates an easy-to-read / easy-to-write structured text format into HTML. Markdown's text format is most similar to that of plain text email, and supports features such as headers, emphasis, code blocks, blockquotes, and links. This is a fast and complete...

Fedora: Security Advisory for python-markdown2 (FEDORA-2020-5f8f90e69c)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 29 Update: python-markdown2-2.3.6-1.fc29

Markdown is a text-to-HTML filter; it translates an easy-to-read / easy-to-write structured text format into HTML. Markdown's text format is most similar to that of plain text email, and supports features such as headers, emphasis, code blocks, blockquotes, and links. This is a fast and complete...