CVE-2020-10098
An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code can be provided by a low-privileged user through the Email functionality. The malicious JavaScript will execute within the browser of any user who opens the Ticket with the Article created from that Email...
EUVD-2017-6432
Malware in sbrugna...
EUVD-2020-2563
Malware in sbrugna...
EUVD-2014-0080
Malware in sbrugna...
EUVD-2025-10314
Malicious code in bioql PyPI...
CVE-2021-30140
LiquidFiles 3.4.15 has stored XSS through the "send email" functionality when sending a file via email to an administrator. When a file has no extension and contains malicious HTML / JavaScript content such as SVG with HTML content, the payload is executed upon a click. This is fixed in 3.5...
HTML Injection
pimcore/admin-ui-classic-bundle is vulnerable to HTML injection. The vulnerability is due to insufficient sanitization of the content parameter in the email sending functionality, allowing arbitrary HTML code to be injected into emails...
CVE-2025-30166
Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. An HTML injection issue allows users with access to the email sending functionality to inject arbitrary HTML code into emails sent via the admin interface, potentially leading to session cookie theft and the alteration of page...
GHSA-X82R-6J37-VRGG Pimcore's Admin Classic Bundle allows HTML Injection
Summary: An HTML injection issue allows users with access to the email sending functionality to inject arbitrary HTML code into emails sent via the admin interface, potentially leading to session cookie theft and the alteration of page content. Details: The vulnerability was discovered in the...
CVE-2025-30166 Pimcore's Admin Classic Bundle allows HTML Injection
Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. An HTML injection issue allows users with access to the email sending functionality to inject arbitrary HTML code into emails sent via the admin interface, potentially leading to session cookie theft and the alteration of page...
CVE-2024-12883
A vulnerability was found in code-projects Job Recruitment 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /email.php. The manipulation of the argument email leads to cross site scripting. The attack can be launched remotely. The...
CVE-2024-42333
CVE-2024-42333 is confirmed in multiple advisories as a memory leak caused by an out-of-bounds read in zabbix server code (src/libs/zbxmedia/email.c). The vulnerability affects Zabbix deployments and has been addressed in multiple distributions: Fedora 40 update to zabbix 6.0.36; Debian bullseye ...
CVE-2023-1844
The Subscribe2 plugin for WordPress is vulnerable to unauthorized access to email functionality due to a missing capability check when sending test emails in versions up to, and including, 10.40. This makes it possible for author-level attackers to send emails with arbitrary content and attachmen...
Design/Logic Flaw
The Subscribe2 plugin for WordPress is vulnerable to unauthorized access to email functionality due to a missing capability check when sending test emails in versions up to, and including, 10.40. This makes it possible for author-level attackers to send emails with arbitrary content and attachmen...
CVE-2023-1844 Subscribe2 <= 10.40 - Missing Authorization
The Subscribe2 plugin for WordPress is vulnerable to unauthorized access to email functionality due to a missing capability check when sending test emails in versions up to, and including, 10.40. This makes it possible for author-level attackers to send emails with arbitrary content and attachmen...
CVE-2023-1844
The CVE-2023-1844 entry concerns the WordPress plugin Subscribe2. The vulnerability arises from a missing capability check when sending test emails, enabling author-level attackers to send emails with arbitrary content/attachments to site users in versions up to and including 10.40. The impact is...