Lucene search
+L

96 matches found

NVD
NVD
added 2026/07/09 5:16 p.m.11 views

CVE-2026-15192

A vulnerability has been found in mettle sendportal up to 3.0.1. This issue affects the function sendgrid/postmark/postal/mailjet of the component APIv1 Webhooks. The manipulation leads to missing authentication. The attack is possible to be carried out remotely. The exploit has been disclosed to...

6.9CVSS0.00572EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/09 4:30 p.m.6 views

EUVD-2026-42624

A vulnerability has been found in mettle sendportal up to 3.0.1. This issue affects the function sendgrid/postmark/postal/mailjet of the component APIv1 Webhooks. The manipulation leads to missing authentication. The attack is possible to be carried out remotely. The exploit has been disclosed to...

6.9CVSS5.9AI score0.00572EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/09 6:0 a.m.6 views

EUVD-2026-42509

The WP DSGVO Tools GDPR WordPress plugin before 3.1.40 does not perform an authorization check on the immediate-processing path of its data subject access request feature, allowing unauthenticated attackers to generate and download the full personal-data export including name, postal address, pho...

5.3CVSS6AI score0.00193EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:4 p.m.13 views

CVE-2026-25529

Postal is an open source SMTP server. Postal versions less than 3.3.5 had a HTML injection vulnerability that allowed unescaped data to be included in the admin interface. The primary way for unescaped data to be added is via the API's "send/raw" method. This could allow arbitrary HTML to be...

8.1CVSS5.9AI score0.00235EPSS
Exploits0References1
NVD
NVD
added 2026/03/12 5:16 p.m.10 views

CVE-2026-25529

Postal is an open source SMTP server. Postal versions less than 3.3.5 had a HTML injection vulnerability that allowed unescaped data to be included in the admin interface. The primary way for unescaped data to be added is via the API's "send/raw" method. This could allow arbitrary HTML to be...

8.1CVSS0.00235EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/12 4:35 p.m.5 views

CVE-2026-25529

Postal is an open source SMTP server. Postal versions less than 3.3.5 had a HTML injection vulnerability that allowed unescaped data to be included in the admin interface. The primary way for unescaped data to be added is via the API's "send/raw" method. This could allow arbitrary HTML to be...

8.1CVSS5.8AI score0.00235EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/12 4:35 p.m.4 views

CVE-2026-25529 Postal has HTML injection / XSS in message view

Postal is an open source SMTP server. Postal versions less than 3.3.5 had a HTML injection vulnerability that allowed unescaped data to be included in the admin interface. The primary way for unescaped data to be added is via the API's "send/raw" method. This could allow arbitrary HTML to be...

8.1CVSS5.8AI score0.00235EPSS
Exploits0References1
CVE
CVE
added 2026/03/12 4:35 p.m.15 views

CVE-2026-25529

Postal is an open source SMTP server. CVE-2026-25529 affects versions before 3.3.5, where unescaped data could be injected into the admin interface, primarily via the API’s send/raw method. This HTML injection could permit arbitrary HTML and potentially unauthorised JavaScript execution in the ad...

8.1CVSS5.8AI score0.00235EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/03/12 4:35 p.m.7 views

EUVD-2026-11603

Postal is an open source SMTP server. Postal versions less than 3.3.5 had a HTML injection vulnerability that allowed unescaped data to be included in the admin interface. The primary way for unescaped data to be added is via the API's "send/raw" method. This could allow arbitrary HTML to be...

8.1CVSS5.8AI score0.00235EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/12 4:35 p.m.28 views

CVE-2026-25529 Postal has HTML injection / XSS in message view

Postal is an open source SMTP server. Postal versions less than 3.3.5 had a HTML injection vulnerability that allowed unescaped data to be included in the admin interface. The primary way for unescaped data to be added is via the API's "send/raw" method. This could allow arbitrary HTML to be...

8.1CVSS0.00235EPSS
Exploits0References1
OSV
OSV
added 2026/03/12 4:35 p.m.7 views

CVE-2026-25529 Postal has HTML injection / XSS in message view

Postal is an open source SMTP server. Postal versions less than 3.3.5 had a HTML injection vulnerability that allowed unescaped data to be included in the admin interface. The primary way for unescaped data to be added is via the API's "send/raw" method. This could allow arbitrary HTML to be...

8.1CVSS5.8AI score0.00235EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/12 12:0 a.m.11 views

Postal 跨站脚本漏洞

Postal is a complete and fully functional email server developed by Postal OpenSource. It is used for websites and web servers. Versions of Postal prior to 3.3.5 contained a cross-site scripting vulnerability. This vulnerability stemmed from the send/raw method in the API, which allowed unescaped...

8.1CVSS5.6AI score0.00235EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/12 12:0 a.m.6 views

PT-2026-25008

Postal is an open source SMTP server. Postal versions less than 3.3.5 had a HTML injection vulnerability that allowed unescaped data to be included in the admin interface. The primary way for unescaped data to be added is via the API's "send/raw" method. This could allow arbitrary HTML to be...

8.1CVSS5.8AI score0.00235EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/12/18 11:36 p.m.7 views

CVE-2023-53916

Zenphoto 1.6 contains a stored cross-site scripting vulnerability in the user postal code field accessible through the admin-users.php interface. When administrators view user information imported as HTML, malicious JavaScript payloads injected into the postal code field execute in their browser...

5.1CVSS6.1AI score0.00282EPSS
Exploits1References1
EUVD
EUVD
added 2025/12/18 12:34 a.m.5 views

EUVD-2023-60214

Zenphoto 1.6 contains a stored cross-site scripting vulnerability in the user postal code field accessible through the admin-users.php interface. When administrators view user information imported as HTML, malicious JavaScript payloads injected into the postal code field execute in their browser...

5.4CVSS5.7AI score0.00282EPSS
Exploits1References4
OSV
OSV
added 2025/12/17 11:15 p.m.8 views

CVE-2023-53916

Zenphoto 1.6 contains a stored cross-site scripting vulnerability in the user postal code field accessible through the admin-users.php interface. When administrators view user information imported as HTML, malicious JavaScript payloads injected into the postal code field execute in their browser...

4.6CVSS5.8AI score0.00282EPSS
Exploits1References3
NVD
NVD
added 2025/12/17 11:15 p.m.7 views

CVE-2023-53916

Zenphoto 1.6 contains a stored cross-site scripting vulnerability in the user postal code field accessible through the admin-users.php interface. When administrators view user information imported as HTML, malicious JavaScript payloads injected into the postal code field execute in their browser...

5.1CVSS0.00282EPSS
Exploits1References3
CVE
CVE
added 2025/12/17 10:44 p.m.16 views

CVE-2023-53916

CVE-2023-53916 affects Zenphoto 1.6 with a stored cross‑site scripting vulnerability in the user postal code field exposed via the admin-users.php interface. When admin user data imported as HTML is viewed, malicious JavaScript injected into the postal code field can execute in the administrator’...

5.1CVSS5.8AI score0.00282EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/17 10:44 p.m.4 views

CVE-2023-53916 Zenphoto 1.6 Stored Cross-Site Scripting via User Postal Code Field

Zenphoto 1.6 contains a stored cross-site scripting vulnerability in the user postal code field accessible through the admin-users.php interface. When administrators view user information imported as HTML, malicious JavaScript payloads injected into the postal code field execute in their browser...

5.1CVSS5.8AI score0.00282EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/12/17 10:44 p.m.20 views

CVE-2023-53916 Zenphoto 1.6 Stored Cross-Site Scripting via User Postal Code Field

Zenphoto 1.6 contains a stored cross-site scripting vulnerability in the user postal code field accessible through the admin-users.php interface. When administrators view user information imported as HTML, malicious JavaScript payloads injected into the postal code field execute in their browser...

5.1CVSS0.00282EPSS
Exploits1References3
Rows per page
Query Builder