16 matches found
Security Bulletin: IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to remote code execution (CVE-2026-3455)
Summary IBM App Connect Enterprise Certified Container IntegrationServer and IntegrationRuntime operands are vulnerable to remote code execution. This bulletin provides patch information to address the reported vulnerability in Node.js module mailparsr CVE-2026-3455 Vulnerability Details...
CVE-2026-3455
Versions of the package mailparser before 3.9.3 are vulnerable to Cross-site Scripting XSS via the textToHtml function due to the improper sanitisation of URLs in the email content. An attacker can execute arbitrary scripts in victim browsers by adding extra quote " to the URL with embedded...
@8base/api-cli (>=0.0.1 <=0.1.0), @abhishekdeb/ezmailer (>=0.0.1 <=0.0.2) +576 more potentially affected by CVE-2026-3455 via mailparser (>=0.2.30 <=3.9.1)
mailparser NPM version =0.2.30, =0.0.1, =0.0.1, =0.6.0, =0.0.1, =0.0.1, =1.2.1, =0.16.9, =1.0.0, =0.5.0, =2.5.0-beta.0, =2.5.0-beta.7 and more Source cves: CVE-2026-3455 Source advisory: OSV:GHSA-7GMJ-H9XC-MCXC...
GHSA-7GMJ-H9XC-MCXC mailparser vulnerable to Cross-site Scripting
Versions of the package mailparser before 3.9.3 are vulnerable to Cross-site Scripting XSS via the textToHtml function due to the improper sanitisation of URLs in the email content. An attacker can execute arbitrary scripts in victim browsers by adding extra quote " to the URL with embedded...
mailparser vulnerable to Cross-site Scripting
Versions of the package mailparser before 3.9.3 are vulnerable to Cross-site Scripting XSS via the textToHtml function due to the improper sanitisation of URLs in the email content. An attacker can execute arbitrary scripts in victim browsers by adding extra quote " to the URL with embedded...
CVE-2026-3455
Versions of the package mailparser before 3.9.3 are vulnerable to Cross-site Scripting XSS via the textToHtml function due to the improper sanitisation of URLs in the email content. An attacker can execute arbitrary scripts in victim browsers by adding extra quote " to the URL with embedded...
CVE-2026-3455
Versions of the package mailparser before 3.9.3 are vulnerable to Cross-site Scripting XSS via the textToHtml function due to the improper sanitisation of URLs in the email content. An attacker can execute arbitrary scripts in victim browsers by adding extra quote " to the URL with embedded...
CVE-2026-3455
Summary: CVE-2026-3455 affects the node package mailparser up to version 3.9.3. Vulnerability: XSS via the textToHtml() function caused by improper sanitisation of URLs in email content. An attacker can execute arbitrary JavaScript in the victim’s browser by supplying a URL with an extra quote ch...
CVE-2026-3455
Versions of the package mailparser before 3.9.3 are vulnerable to Cross-site Scripting XSS via the textToHtml function due to the improper sanitisation of URLs in the email content. An attacker can execute arbitrary scripts in victim browsers by adding extra quote " to the URL with embedded...
EUVD-2026-9279
Versions of the package mailparser before 3.9.3 are vulnerable to Cross-site Scripting XSS via the textToHtml function due to the improper sanitisation of URLs in the email content. An attacker can execute arbitrary scripts in victim browsers by adding extra quote " to the URL with embedded...
CVE-2026-3455
Versions of the package mailparser before 3.9.3 are vulnerable to Cross-site Scripting XSS via the textToHtml function due to the improper sanitisation of URLs in the email content. An attacker can execute arbitrary scripts in victim browsers by adding extra quote " to the URL with embedded...
CVE-2026-3455
Versions of the package mailparser before 3.9.3 are vulnerable to Cross-site Scripting XSS via the textToHtml function due to the improper sanitisation of URLs in the email content. An attacker can execute arbitrary scripts in victim browsers by adding extra quote " to the URL with embedded...
mailparser 安全漏洞
MailParser is an email parser developed by Nodemailer as open source software. Versions of MailParser prior to 3.9.3 contained a security vulnerability. This vulnerability stemmed from the textToHtml function’s improper handling of URLs in email content, which could lead to cross-site scripting...
PT-2026-22720
Name of the Vulnerable Software and Affected Versions mailparser versions prior to 3.9.3 Description The package mailparser is susceptible to Cross-site Scripting XSS due to insufficient sanitization of URLs within email content. Specifically, the textToHtml function does not properly handle URLs...
@activeboxes/piece-gmail (=0.8.1), @activeboxes/piece-imap (=0.2.10) +78 more potentially affected by CVE-2026-3455 via mailparser (>=3.0.0 <=3.9.1)
mailparser NPM version =3.0.0, =0.6.0, =0.0.1, =0.0.1, =1.0.0, =0.5.0, =1.0.64-alpha, =1.0.21-alpha, =4.0.1-alpha, =6.1.180-alpha and more Source cves: CVE-2026-3455 Source advisory: SNYK:JS-MAILPARSER-15204032...
Cross-site Scripting (XSS)
Overview mailparser is an email parser. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the textToHtml function due to the improper sanitisation of URLs in the email content. An attacker can execute arbitrary scripts in victim browsers by adding extra quote " to t...