CVE-2025-53909 mailcow: dockerized vulnerable to SSTI in Quota and Quarantine Notification Template
mailcow: dockerized is an open source groupware/email suite based on Docker. A Server-Side Template Injection (SSTI) vulnerability exists in versions prior to 2025-07 in the notification template system used by mailcow for sending quota and quarantine alerts. The template rendering engine allows...
CVE-2024-31204
CVE-2024-31204 affects mailcow: dockerized prior to 2024-04. The issue is in the exception handling path when DEV_MODE is disabled: exception details are stored in a session array without proper sanitization and later rendered into HTML/JavaScript without escaping, enabling Cross-Site Scripting (...