107 matches found
EUVD-2012-2561
Malware in sbrugna...
EUVD-2010-4047
Malware in sbrugna...
EUVD-2009-1577
Malware in sbrugna...
EUVD-2008-3810
Malware in sbrugna...
EUVD-2010-3474
Malware in sbrugna...
EUVD-2022-34171
Malicious code in bioql PyPI...
CVE-2010-4071
Cross-site scripting XSS vulnerability in AgentTicketZoom in OTRS 2.4.x before 2.4.9, when RichText is enabled, allows remote attackers to inject arbitrary web script or HTML via JavaScript in an HTML e-mail...
CVE-2012-2575
Cross-site scripting XSS vulnerability in NetWin SurgeMail 6.0a4 allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of an IFRAME element in the body of an HTML e-mail message...
CVE-2024-11182 Stored XSS vulnerability in MDaemon Email Server
An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window...
CVE-2024-11182
MDaemon Email Server is affected by CVE-2024-11182: an XSS in HTML emails containing JavaScript in an img tag, exploitable in the webmail UI prior to version 24.5.1c. Impact is loading arbitrary JavaScript in the browser context of a webmail user. The vendor patched to 24.5.1c (Nov 14, 2024); exp...
CVE-2024-11182 Stored XSS vulnerability in MDaemon Email Server
An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window...
BIT-ROUNDCUBE-2020-15562
An issue was discovered in Roundcube Webmail before 1.2.11, 1.3.x before 1.3.14, and 1.4.x before 1.4.7. It allows XSS via a crafted HTML e-mail message, as demonstrated by a JavaScript payload in the xmlns aka XML namespace attribute of a HEAD element when an SVG element exists...
openSUSE 15 Security Update : roundcubemail (openSUSE-SU-2023:0345-1)
The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2023:0345-1 advisory. - Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of...
CVE-2023-5631
Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcubewashtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code...
Cross site scripting
Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcubewashtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code...
CVE-2023-5631 Stored XSS vulnerability in Roundcube
Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcubewashtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code...
CVE-2023-5631
CVE-2023-5631 affects Roundcube Webmail. The issue is a stored XSS via an HTML e-mail message containing a crafted SVG, caused by logic in Roundcube’s rcube_washtml.php. Affected versions are Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4. Successful exploitation could allow ...
Cross site scripting
OX App Suite through 8.2 allows XSS via a certain complex hierarchy that forces use of Show Entire Message for a huge HTML e-mail message...
CVE-2022-36880
The Read Mail module in Webmin 1.995 and Usermin through 1.850 allows XSS via a crafted HTML e-mail message...
Cross site scripting
The Read Mail module in Webmin 1.995 and Usermin through 1.850 allows XSS via a crafted HTML e-mail message...