CVE-2025-12460

Summary: CVE-2025-12460 describes a Stored XSS vulnerability in Afterlogic Aurora webmail. Affected versions: 9.8.3 and earlier. ** vulnerability mechanism:** an attacker can embed JavaScript in an HTML email via an img tag, which may execute in the recipient’s webmail browser context. Impact (pe...

PT-2025-44626

Name of the Vulnerable Software and Affected Versions Afterlogic Aurora webmail versions 9.8.3 and below Description A cross-site scripting XSS issue exists in Afterlogic Aurora webmail. An attacker can send a specially crafted HTML email message containing JavaScript within an img HTML tag. This...

CVE-2025-3877

CVE-2025-3877 is rejected/not used; this entry does not represent an active vulnerability.

PT-2025-21186 · Mozilla +5 · Thunderbird +5

Name of the Vulnerable Software and Affected Versions: Thunderbird versions prior to 128.10.1 Thunderbird versions prior to 138.0.1 Description: A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without...

CVE-2022-3033

If a Thunderbird user replied to a crafted HTML email containing a meta tag, with the meta tag having the http-equiv="refresh" attribute, and the content attribute specifying an URL, then Thunderbird started a network request to that URL, regardless of the configuration to block remote content. I...

desknet's buffer overflow vulnerability

Overview destnet's contains multiple vulnerability. A malicious script may be executed when an user views a crafted HTML email or information. destnet's contains multiple vulnerability. - A malicious script may be executed when the user views an crafted HTML email or information. - A script writt...