10 matches found
PT-2026-32727
A stored cross-site scripting (XSS) vulnerability was identified in the Event Log mail preview feature. When viewing logged mail messages, HTML content was rendered in an iframe without proper sandboxing, allowing JavaScript execution in the viewer's browser context. Impact - Stored XSS via mail...
EUVD-2023-43820
Malicious code in bioql PyPI...
CVE-2023-3135
The Mailtree Log Mail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
CVE-2023-3135
CVE-2023-3135 – Mailtree Log Mail (WordPress) Stored XSS. The Mailtree Log Mail plugin is vulnerable in versions
CVE-2023-3135 Mailtree Log Mail <= 1.0.0 - Unauthenticated Stored Cross-Site Scripting via Email Subject
The Mailtree Log Mail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...
PT-2023-23294 · WordPress · Mailtree Log Mail
Name of the Vulnerable Software and Affected Versions: Mailtree Log Mail plugin for WordPress versions up to, and including, 1.0.0. Description: The issue is related to Stored Cross-Site Scripting via an email subject due to insufficient input sanitization and output escaping. This allows...
WordPress Mailtree Log Mail Plugin <= 1.0.0 is vulnerable to Cross Site Scripting (XSS)
Software: Mailtree Log Mail; Type: Plugin; Vulnerable versions: <= 1.0.0; Fixed in: 1.0.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-3135; Patch priority: Low; CVSS severity: Low 7.2; PSID: e74e0d24830e; Credits: Alex Thomas; Required...
Mailtree Log Mail < 1.0.1 - Unauthenticated Stored Cross-Site Scripting
The plugin does not properly sanitize and escape the input received through the email subject, leading to potential Stored Cross-Site Scripting (XSS). This can result in the execution of arbitrary web scripts whenever a user accesses a compromised page...
WordPress plugin Log WP_Mail information disclosure vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An information disclosure...