Cross-site Scripting (XSS)

mailgen is vulnerable to Cross-site Scripting XSS. The vulnerability is due to improper sanitization in the generatePlaintext method, which fails to remove HTML tags provided as encoded entities, allowing an attacker to inject malicious HTML or JavaScript that can execute when the resulting...

EUVD-2025-34231

Mailgen has HTML Injection and XSS Filter Bypass in Plaintext Emails...

Cross-site Scripting (XSS)

Overview mailgen is a Generates clean, responsive HTML e-mails for sending transactional mail. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the generatePlaintext function. An attacker can get access to sensitive information by injecting encoded HTML content int...

CVE-2025-62366 Mailgen vulnerable to HTML injection and cross-site scripting via plaintext email generation

mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Mailgen versions through 2.0.30 contain an HTML injection vulnerability in plaintext emails produced by the generatePlaintext method when user‑generated content is supplied. The function attempts t...

CVE-2025-59526

mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Prior to version 2.0.30, there is an HTML injection vulnerability in plaintext e-mails generated by Mailgen. Projects are affected if the Mailgen.generatePlaintextemail method is used and given...

CVE-2025-59526 Mailgen: HTML injection vulnerability in plaintext e-mails

mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Prior to version 2.0.30, there is an HTML injection vulnerability in plaintext e-mails generated by Mailgen. Projects are affected if the Mailgen.generatePlaintextemail method is used and given...