Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the email attachments due to the missing verification for API requests to localhost. An attacker can execute arbitrary scripts in the context of the user's browser by sending specially crafted emails...

CVE-2022-50908

Mailhog 1.0.1 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through email attachments. Attackers can send crafted emails with XSS payloads to execute arbitrary API calls, including message deletion and browser manipulation...

CVE-2022-50908

Mailhog 1.0.1 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through email attachments. Attackers can send crafted emails with XSS payloads to execute arbitrary API calls, including message deletion and browser manipulation...

CVE-2022-50908

MailHog 1.0.1 is affected by a stored XSS vulnerability in attachments that allows execution of arbitrary API calls (e.g., message deletion, browser manipulation) when a crafted email is processed. Technical details from multiple sources indicate the issue stems from improper handling of attachme...

CVE-2022-50908 Mailhog 1.0.1 - Stored Cross-Site Scripting (XSS)

Mailhog 1.0.1 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through email attachments. Attackers can send crafted emails with XSS payloads to execute arbitrary API calls, including message deletion and browser manipulation...

CVE-2022-50908 Mailhog 1.0.1 - Stored Cross-Site Scripting (XSS)

Mailhog 1.0.1 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through email attachments. Attackers can send crafted emails with XSS payloads to execute arbitrary API calls, including message deletion and browser manipulation...

PT-2026-2384

Name of the Vulnerable Software and Affected Versions Mailhog version 1.0.1 Description Mailhog version 1.0.1 has a stored cross-site scripting issue. Attackers can inject malicious scripts through email attachments. By sending crafted emails with XSS payloads, attackers can execute arbitrary API...

MailHog 跨站脚本漏洞

MailHog is MailHog open source a SMTP protocol testing tool . Mailhog version 1.0.1 suffers from a cross-site scripting vulnerability that stems from stored cross-site scripting , which could lead to an attacker injecting malicious scripts and executing arbitrary API calls via email attachments...

MiracleLinux 9 : xdg-utils-1.1.3-13.el9_6 (AXSA:2025-10482:01)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-10482:01 advisory. xdg-utils: improper parse of mailto URIs allows bypass of Thunderbird security mechanism for attachments CVE-2022-4055 Tenable has extracted the preceding...

[SECURITY] [DLA 4434-1] sogo security update

Debian LTS Advisory DLA-4434-1 [email protected] https://www.debian.org/lts/security/ Tobias Frost January 06, 2026 https://wiki.debian.org/LTS Package : sogo Version : 5.0.1-4+deb11u3 CVE ID : CVE-2024-34462 CVE-2025-63499 Debian Bug : 1071163 1121952 Several XSS vulnerabiltiies have...

CVE-2023-49243

Vulnerability of unauthorized access to email attachments in the email module. Successful exploitation of this vulnerability may affect service confidentiality...

CVE-2023-45856

qdPM 9.2 allows remote code execution by using the Add Attachments feature of Edit Project to upload a .php file to the /uploads URI...

CVE-2023-4933

The WP Job Openings WordPress plugin before 3.4.3 does not block listing the contents of the directories where it stores attachments to job applications, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled...

CVE-2023-40386

A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14. An app may be able to access Notes attachments...

CVE-2022-35487

Zammad 5.2.0 suffers from Incorrect Access Control. Zammad did not correctly perform authorization on certain attachment endpoints. This could be abused by an unauthenticated attacker to gain access to attachments, such as emails or attached files...

CVE-2020-12687

An issue was discovered in Serpico before 1.3.3. The /admin/attacmentsbackup endpoint can be requested by non-admin authenticated users. This means that an attacker with a user account can retrieve all of the attachments of all users including administrators from the database...

CVE-2021-2380

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite component: Attachments / File Upload. Supported versions that are affected are 12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromis...

CVE-2026-22234

OPEXUS eCasePortal before version 9.0.45.0 allows an unauthenticated attacker to navigate to the 'Attachments.aspx' endpoint, iterate through predictable values of 'formid', and download or delete all user-uploaded files, or upload new files...

CVE-2026-22234

OPEXUS eCasePortal before version 9.0.45.0 allows an unauthenticated attacker to navigate to the 'Attachments.aspx' endpoint, iterate through predictable values of 'formid', and download or delete all user-uploaded files, or upload new files...

CVE-2026-22234

The CVE-2026-22234 issue affects OPEXUS eCasePortal (and related eComplaint) versions before 9.0.45.0, where an unauthenticated attacker can navigate to Attachments.aspx and, by iterating through predictable formid values, download or delete all user-uploaded files and even upload new ones. This ...