9 matches found
HTML Injection
mailgen is vulnerable to HTML injection. The vulnerability is due to improper stripping of HTML tags in the generatePlaintext method when Unicode line-separator characters bypass the regex filter, which allows an attacker to inject unexpected HTML that can be interpreted as executable script...
CVE-2025-62366
mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Mailgen versions through 2.0.30 contain an HTML injection vulnerability in plaintext emails produced by the generatePlaintext method when user‑generated content is supplied. The function attempts t...
CVE-2025-62380 Mailgen has HTML Injection and XSS Filter Bypass in Plaintext Emails
mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Mailgen versions through 2.0.31 contain an HTML injection vulnerability in plaintext emails generated with the generatePlaintext method when user generated content is supplied. The plaintext...
CVE-2025-62380 Mailgen has HTML Injection and XSS Filter Bypass in Plaintext Emails
mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Mailgen versions through 2.0.31 contain an HTML injection vulnerability in plaintext emails generated with the generatePlaintext method when user generated content is supplied. The plaintext...
GHSA-XW6R-CHMH-VPMJ Mailgen has HTML Injection and XSS Filter Bypass in Plaintext Emails
Summary: An HTML injection vulnerability in plaintext emails generated by Mailgen has been discovered. Your project is affected if you use the Mailgen.generatePlaintext(email) method and pass in user-generated content. The issue was discovered and reported by Edoardo Ottavianelli @edoardottt. Detail...
CVE-2025-62366
mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Mailgen versions through 2.0.30 contain an HTML injection vulnerability in plaintext emails produced by the generatePlaintext method when user‑generated content is supplied. The function attempts t...
mailgen cross-site scripting vulnerability
mailgen is a mail generation library by the individual developer Elad Nava. A cross-site scripting vulnerability exists in mailgen version 2.0.30 and earlier, which stems from a failure of the generatePlaintext method to properly filter encoded HTML entities, potentially leading to an HTML...
EUVD-2025-30449
Malicious code in bioql PyPI...
Mailgen: HTML injection vulnerability in plaintext e-mails
HTML Injection and XSS Filter Bypass in Plaintext Emails. Summary: An HTML injection vulnerability in plaintext emails generated by Mailgen has been discovered. Your project is affected if you use the Mailgen.generatePlaintext(email); method and pass in user-generated content. The issue was discovere...