11 matches found
EUVD-2024-41608
Malicious code in bioql PyPI...
CVE-2024-45800
Snappymail is an open source web-based email client. SnappyMail uses the cleanHtml function to cleanup HTML and CSS in emails. Research discovered that the function has a few bugs which cause an mXSS exploit. Because the function allowed too many invalid HTML elements, it was possible with...
FreeBSD : SnappyMail -- multiple mXSS in HTML sanitizer (bd940aba-7467-11ef-a5c4-08002784c58d)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the bd940aba-7467-11ef-a5c4-08002784c58d advisory. Oskar reports: SnappyMail uses the cleanHtml function to cleanup HTML and CSS in emails. Research...
CVE-2024-45800
Snappymail is an open source web-based email client. SnappyMail uses the cleanHtml function to cleanup HTML and CSS in emails. Research discovered that the function has a few bugs which cause an mXSS exploit. Because the function allowed too many invalid HTML elements, it was possible with...
CVE-2024-45800 Multiple mXSS found in snappymail HTML parser
Snappymail is an open source web-based email client. SnappyMail uses the cleanHtml function to cleanup HTML and CSS in emails. Research discovered that the function has a few bugs which cause an mXSS exploit. Because the function allowed too many invalid HTML elements, it was possible with...
CVE-2024-45800
CVE-2024-45800 concerns SnappyMail (Snappymail), a web-based email client. The issue lies in the HTML sanitizer: the cleanHtml() function allows too many invalid HTML elements, which can be coerced by malformed markup into valid markup, enabling a targeted mXSS javascript injection. The documente...
CVE-2024-45800 Multiple mXSS found in snappymail HTML parser
Snappymail is an open source web-based email client. SnappyMail uses the cleanHtml function to cleanup HTML and CSS in emails. Research discovered that the function has a few bugs which cause an mXSS exploit. Because the function allowed too many invalid HTML elements, it was possible with...
CVE-2024-45800 Multiple mXSS found in snappymail HTML parser
Snappymail is an open source web-based email client. SnappyMail uses the cleanHtml function to cleanup HTML and CSS in emails. Research discovered that the function has a few bugs which cause an mXSS exploit. Because the function allowed too many invalid HTML elements, it was possible with...
SnappyMail 跨站脚本漏洞
SnappyMail is a simple, modern, lightweight and fast web-based e-mail client from Maarten Personal Developers. A cross-site scripting vulnerability exists in SnappyMail versions prior to v2.38.0, which stems from the cleanHtml function allowing too many invalid HTML elements. An attacker can...
SnappyMail -- multiple mXSS in HTML sanitizer
Oskar reports: SnappyMail uses the cleanHtml function to cleanup HTML and CSS in emails. Research discovered that the function has a few bugs which cause an mXSS exploit. Because the function allowed too many invalid HTML elements, it was possible with incorrect markup to trick the browser to "fi...
Unpatched Bug in RainLoop Webmail Could Give Hackers Access to all Emails
An unpatched high-severity security flaw has been disclosed in the open-source RainLoop web-based email client that could be weaponized to siphon emails from victims' inboxes. "The code vulnerability ... can be easily exploited by an attacker by sending a malicious email to a victim that uses...