5 matches found
CVE-2020-1904
A path validation issue in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have allowed for directory traversal overwriting files when sending specially crafted docx, xlsx, and pptx files as attachments to messages...
CVE-2020-25104
eramba c2.8.1 and Enterprise before e2.19.3 allows XSS via a crafted filename for a file attached to an object. For example, the filename has a complete XSS payload followed by the .png extension...
Amazon Linux 2 : evolution (ALAS-2025-2833)
The version of evolution installed on the remote host is prior to 3.28.5-10. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2833 advisory. An issue was discovered in GNOME Evolution before 3.35.91. By using the proprietary non-RFC6068 mailto?attach=... parameter, a...
PT-2022-25412 · Mozilla +4 · Thunderbird +4
Name of the Vulnerable Software and Affected Versions: xdg-mail affected versions not specified Description: The issue arises when xdg-mail is configured to use thunderbird for mailto URLs, leading to improper parsing of the URL. This can result in additional headers being passed to thunderbird...
persistent xss through svg file attachment download
The fix for CONF-22132 was not sufficient because "svg" files are not "said" to be xml by the isXml method. This means that is possible for a malicious party to upload a svg file containing html/javascript which will be rendered in victim's web browser. This bug should have been raised a while ag...