15 matches found
WordPress plugin Sendmachine for WordPress Security Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
CVE-2026-40567
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthenticated attacker can inject arbitrary HTML into outgoing emails generated by FreeScout by sending an email with a crafted From display name. The name is stored in the database without sanitization a...
CVE-2026-40567 FreeScout has HTML Injection in Outgoing Emails via Unsanitized Customer Name in Signature Variables
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthenticated attacker can inject arbitrary HTML into outgoing emails generated by FreeScout by sending an email with a crafted From display name. The name is stored in the database without sanitization a...
EUVD-2026-24168
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthenticated attacker can inject arbitrary HTML into outgoing emails generated by FreeScout by sending an email with a crafted From display name. The name is stored in the database without sanitization a...
CVE-2026-40567 FreeScout has HTML Injection in Outgoing Emails via Unsanitized Customer Name in Signature Variables
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthenticated attacker can inject arbitrary HTML into outgoing emails generated by FreeScout by sending an email with a crafted From display name. The name is stored in the database without sanitization a...
CVE-2026-40567
FreeScout (self-hosted help desk) contains an HTML injection vulnerability in outgoing emails prior to v1.8.213. An unauthenticated attacker can craft the From display name in an email; the name is stored in the database without sanitization and rendered unescaped in outgoing replies via the {%cu...
PT-2026-34011
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthenticated attacker can inject arbitrary HTML into outgoing emails generated by FreeScout by sending an email with a crafted From display name. The name is stored in the database without sanitization a...
FreeScout Security Vulnerability
FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using the PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.213 contained security vulnerabilities. These vulnerabilities stemmed from storing the From display name without sanitization in the...
Lunary Security Vulnerability
Lunary is an open-source production toolkit for LLMs. An email injection vulnerability exists in Lunary, which allows an unauthenticated attacker to inject data into an outgoing email by bypassing the function using different space characters. No detailed vulnerability details are provided ...
Atlassian Jira 8.9.x < 8.9.1 Multiple Vulnerabilities.
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.5.7. It is, therefore, affected by multiple vulnerabilities: - A vulnerability which permits remote attackers to access outgoing emails between a Jira instance and the SMTP...
CVE-2020-14168
The email client in Jira Server and Data Center before version 7.13.16, from 8.5.0 before 8.5.7, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to access outgoing emails between a Jira instance and the SMTP server via a man-in-the-middle (MITM) vulnerability...
Security feature bypass
The email client in Jira Server and Data Center before version 7.13.16, from 8.5.0 before 8.5.7, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to access outgoing emails between a Jira instance and the SMTP server via a man-in-the-middle (MITM) vulnerability...
CVE-2020-14168
The MITM vulnerability CVE-2020-14168 affects Jira Server and Data Center’s email client. Affected: Jira versions prior to 7.13.16; 8.5.x before 8.5.7; 8.8.x before 8.8.2; 8.9.x before 8.9.1. Impact: remote attackers could access outgoing emails between a Jira instance and the SMTP server. Remedi...
PT-2019-15209 · Dolibarr · Dolibarr
Name of the Vulnerable Software and Affected Versions: Dolibarr version 10.0.2 Description: The issue is related to a security problem where an attacker can inject malicious code. This is possible through the "outgoing email setup" feature, specifically in the "/admin/mails.php?action=edit" API...
CVE-2009-5035
The Nokia client in IBM Lotus Notes Traveler before 8.5.0.2 does not properly handle multiple outgoing e-mail messages between sync operations, which might allow remote attackers to read communications intended for other recipients by examining appended messages...