USN-8323-1: Postorius vulnerability

It was discovered that Postorius did not properly escape HTML in message subjects when rendering the Held messages pop-up. An attacker could possibly use this issue to inject arbitrary HTML, resulting in exposure of sensitive information...

CVE-2026-44742

A flaw was found in Postorius. This vulnerability allows an attacker to embed malicious code within the subject of an email message. When an administrator or user views the 'Held messages pop-up', this malicious code is executed in their web browser. This can lead to Cross-Site Scripting XSS,...

Postorius is vulnerable to XSS

Postorius through 1.3.13 does not escape HTML in the message subject when rendering it in the Held messages pop-up, as exploited in the wild in May 2026...

CVE-2026-44742

Postorius through 1.3.13 does not escape HTML in the message subject when rendering it in the Held messages pop-up, as exploited in the wild in May 2026...

EUVD-2021-18868

Malware in sbrugna...

Postorius < 1.3.5 Unsubscribe Vulnerability

Postorius is prone to an unsubscribe vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:postoriusproject:postorius";...

postorius -- XSS

NIST reports: Postorius through 1.3.13 does not escape HTML in the message subject when rendering it in the Held messages pop-up, as exploited in the wild in May 2026...

USN-5157-1 postorius vulnerability

It was discovered that Postorius mishandled specially crafted input. An attacker could use this vulnerability that obtain sensitive information...