18 matches found

Github Security Blog
added 2026/03/03 6:31 a.m., 4 views

mailparser vulnerable to Cross-site Scripting

Versions of the package mailparser before 3.9.3 are vulnerable to Cross-site Scripting XSS via the textToHtml function due to the improper sanitisation of URLs in the email content. An attacker can execute arbitrary scripts in victim browsers by adding extra quote " to the URL with embedded...

CVSS 6.1 | AI score 6.1 | EPSS 0.00311
Exploits 1 | References 6 | Affected Software 1
NVD
added 2026/03/03 5:17 a.m., 5 views

CVE-2026-3455

Versions of the package mailparser before 3.9.3 are vulnerable to Cross-site Scripting XSS via the textToHtml function due to the improper sanitisation of URLs in the email content. An attacker can execute arbitrary scripts in victim browsers by adding extra quote " to the URL with embedded...

CVSS 6.1 | EPSS 0.00311
Exploits 1 | References 4
EUVD
added 2026/03/03 5:00 a.m., 4 views

EUVD-2026-9279

Versions of the package mailparser before 3.9.3 are vulnerable to Cross-site Scripting XSS via the textToHtml function due to the improper sanitisation of URLs in the email content. An attacker can execute arbitrary scripts in victim browsers by adding extra quote " to the URL with embedded...

CVSS 6.1 | AI score 6.1 | EPSS 0.00311
Exploits 1 | References 4
Cvelist
added 2026/03/03 5:00 a.m., 27 views

CVE-2026-3455

Versions of the package mailparser before 3.9.3 are vulnerable to Cross-site Scripting XSS via the textToHtml function due to the improper sanitisation of URLs in the email content. An attacker can execute arbitrary scripts in victim browsers by adding extra quote " to the URL with embedded...

CVSS 6.1 | EPSS 0.00311
Exploits 1 | References 4
Positive Technologies
added 2026/03/03 12:00 a.m., 3 views

PT-2026-22720

Name of the Vulnerable Software and Affected Versions: mailparser versions prior to 3.9.3. Description: The package mailparser is susceptible to Cross-site Scripting (XSS) due to insufficient sanitization of URLs within email content. Specifically, the textToHtml function does not properly handle URLs...

CVSS 6.1 | AI score 6.1 | EPSS 0.00311
Exploits 1 | References 15
Snyk
added 2026/01/28 8:02 a.m., 3 views

Cross-site Scripting (XSS)

Overview mailparser is an email parser. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the textToHtml function due to the improper sanitisation of URLs in the email content. An attacker can execute arbitrary scripts in victim browsers by adding extra quote " to t...

CVSS 6.1 | AI score 5.9 | EPSS 0.00311
Exploits 1 | References 2
EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2024-2354

Malicious code in bioql PyPI...

CVSS 8.1 | AI score 6.4 | EPSS 0.00498
Exploits 0 | References 5
Github Security Blog
added 2024/05/23 6:14 p.m., 6 views

Silverstripe HtmlEditor embed url sanitisation

"Add from URL" doesn't clearly sanitise URL server side HtmlEditorFieldToolbar has an action HtmlEditorFieldToolbarviewfile, which gets called by the CMS when adding a media "from a URL" i.e. via oembed. This action gets the URL to add in the GET parameter FileURL. However it doesn't do any URL...

AI score 7
Exploits 0 | References 3 | Affected Software 1
NVD
added 2023/06/15 9:15 p.m., 16 views

CVE-2023-24030

An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0 and 8.8.15. To exploit the vulnerability, an attacker would need to have obtained a valid zimbra auth token or a valid preauth token. Once the token is obtained, an attacker could redirect a us...

CVSS 6.1 | AI score 6.1 | EPSS 0.00393
Exploits 0 | References 2
Vulnrichment
added 2023/06/15 12:00 a.m., 15 views

CVE-2023-24030

An open redirect vulnerability exists in the /preauth Servlet in Zimbra Collaboration Suite through 9.0 and 8.8.15. To exploit the vulnerability, an attacker would need to have obtained a valid zimbra auth token or a valid preauth token. Once the token is obtained, an attacker could redirect a us...

AI score 6.2 | EPSS 0.00393
Exploits 0 | References 2
Cvelist
added 2022/10/31 12:00 a.m., 31 views

CVE-2022-3440 Rock Convert < 2.6.0 - Reflected Cross-Site Scripting

The Rock Convert WordPress plugin before 2.11.0 does not sanitise and escape an URL before outputting it back in an attribute when a specific widget is present on a page, leading to a Reflected Cross-Site Scripting...

AI score 6.2 | EPSS 0.00486
Exploits 2 | References 1
OSV
added 2022/06/27 9:15 a.m., 3 views

CVE-2022-2040

The Brizy WordPress plugin before 2.4.2 does not sanitise and escape some element URL, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks...

CVSS 5.4 | AI score 5.8 | EPSS 0.00571
Exploits 2 | References 2
wpexploit
added 2019/09/05 12:00 a.m., 72 views

WordPress <= 5.2.2 - Cross-Site Scripting (XSS) in URL Sanitisation

Description: According to the WordPress release notes: "Props to Soroush Dalili @irsdl from NCC Group for disclosing an issue with URL sanitization that can lead to cross-site scripting XSS attacks." Thanks to @irsdl's Hacker1 disclosure: JS - Numerical Entities, JS - Hex Entities...

CVSS 6.1 | AI score 6.3 | EPSS 0.02198
Exploits 2 | References 3
WPVulnDB
added 2019/09/05 12:00 a.m., 54 views

WordPress <= 5.2.2 - Cross-Site Scripting (XSS) in URL Sanitisation

Description: According to the WordPress release notes: "Props to Soroush Dalili @irsdl from NCC Group for disclosing an issue with URL sanitization that can lead to cross-site scripting XSS attacks." PoC: Thanks to @irsdl's Hacker1 disclosure: JS - Numerical Entities, JS - Hex Entities...

CVSS 6.1 | AI score 6 | EPSS 0.02198
Exploits 2 | References 3
securityvulns
added 2011/08/03 12:00 a.m., 74 views

Multiple XSS in HESK

Vulnerability ID: HTB23030
Reference: http://www.htbridge.ch/advisory/multiplexssinhesk.html
Product: HESK
Vendor: Klemen Stirn, http://www.hesk.com/
Vulnerable Version: 2.2 and probably prior
Tested on: 2.2
Vendor Notification: 06 July 2011
Vulnerability Type: XSS (Cross Site Scripting)
Risk level: ...

AI score 6.1
Exploits 0
OpenVAS
added 2008/10/30 12:00 a.m., 29 views

Opera Web Browser Multiple XSS Vulnerability (Windows)

The host is installed with Opera web browser and is prone to multiple Cross Site Scripting XSS Vulnerability. OpenVAS Vulnerability Test $Id: gboperamultvulnoct08win.nasl 6519 2017-07-04 14:08:14Z cfischer $ Opera Web Browser Multiple XSS Vulnerability Windows Authors: Chandan S Copyright:...

CVSS 5.8 | AI score 8.3 | EPSS 0.45729
Exploits 4 | References 3
RedHat Linux
added 2005/02/15 9:03 a.m., 34 views

Moderate: Red Hat Security Advisory: squirrelmail security update

An updated Squirrelmail package that fixes several security issues is now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. SquirrelMail is a standards-based webmail package written in PHP4. Jimmy Conner...

CVSS 7.5 | AI score 5.1 | EPSS 0.02342
Exploits 0 | References 7
Tenable Nessus
added 2005/02/10 12:00 a.m., 27 views

RHEL 3 : squirrelmail (RHSA-2005:135)

An updated Squirrelmail package that fixes several security issues is now available for Red Hat Enterprise Linux 3. SquirrelMail is a standards-based webmail package written in PHP4. Jimmy Conner discovered a missing variable initialization in Squirrelmail. This flaw could allow potential insecur...

CVSS 7.5 | AI score 5 | EPSS 0.02342
Exploits 0 | References 11