CVE-2026-2451 Unsafe variable evaluation in email templates
Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when name is used in an email template, it will be replaced with the buyer's name for the final email. This mechanism contained a security-relevant bug: It was possible to exfiltrate information...
Improper Neutralization of Special Elements Used in a Template Engine
Overview: fof/pretty-mail is a package that creates HTML email for Flarum. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the email template processing. An authenticated attacker with admin privileges can execute arbitrary system...
EUVD-2023-2677
Malicious code in bioql PyPI...
CVE-2025-58800
Cross-Site Request Forgery (CSRF) vulnerability in Steve Truman WP Email Template (wp-email-template) allows Cross Site Request Forgery. This issue affects WP Email Template: from n/a through <= 2.8.6...
CVE-2024-23761
Server Side Template Injection in Gambio 4.9.2.0 allows attackers to run arbitrary code via a crafted Smarty email template...
CVE-2023-3726 OCSInventory-ocsreports 2.12.0 - Stored Cross-Site Scripting
OCSInventory allows stored email templates with special characters that lead to stored cross-site scripting...
Unspecified Vulnerability in Mattermost Server (CNVD-2020-48242)
Mattermost Server is an open source messaging platform from the US company Mattermost. A security vulnerability exists in Mattermost Server versions prior to 4.2.0, 4.1.1, and 4.0.5, which stems from the program not neutralizing the HTML content of a field in an email template. An...