Lucene search
K

6 matches found

Github Security Blog
Github Security Blog
added 2026/04/08 3:5 p.m.22 views

Nodemailer Vulnerable to SMTP Command Injection via CRLF in Transport name Option (EHLO/HELO)

Summary Nodemailer versions up to and including 8.0.4 are vulnerable to SMTP command injection via CRLF sequences in the transport name configuration option. The name value is used directly in the EHLO/HELO SMTP command without any sanitization for carriage return and line feed characters \r\n. A...

6AI score
Exploits0References4Affected Software1
OSV
OSV
added 2026/04/08 3:5 p.m.3 views

GHSA-VVJJ-XCJG-GR5G Nodemailer Vulnerable to SMTP Command Injection via CRLF in Transport name Option (EHLO/HELO)

Summary Nodemailer versions up to and including 8.0.4 are vulnerable to SMTP command injection via CRLF sequences in the transport name configuration option. The name value is used directly in the EHLO/HELO SMTP command without any sanitization for carriage return and line feed characters \r\n. A...

4.9CVSS5.9AI score
Exploits0References4
Snyk
Snyk
added 2025/10/16 6:42 p.m.6 views

Cross-site Scripting (XSS)

Overview librenms/librenms is a fully featured network monitoring system that provides a wealth of features and device support. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the Transport name field, which is stored and later rendered in the Transports column of...

5.5CVSS5.3AI score0.11639EPSS
Exploits1References2
Veracode
Veracode
added 2022/02/15 6:22 a.m.21 views

Cross-site Scripting (XSS)

librenms/librenms is vulnerable to cross-site scriptingXSS attacks. The vulnerability exists due to the lack of sanitization in the Transport name field in the alert-transports.inc.php file allowing an attacker to inject and execute malicious javascript through the alerts module...

6.1CVSS3AI score0.00998EPSS
Exploits1References6Affected Software1
Huntr
Huntr
added 2022/02/12 9:28 p.m.29 views

Cross-site Scripting (XSS) - Generic in librenms/librenms

Description Cross-Site Scripting vulnerability in LibreNMS v22.1.0 which allows attackers to execute arbitrary javascript code which affected Alerts module Alert Transport in Transport name field. Proof of Concept Endpoint: 1 POST http://HOST/ajaxform.php - Parameter name Payload: ' XSS will...

4.3CVSS0.2AI score0.00998EPSS
Exploits1
Cvelist
Cvelist
added 2017/05/23 3:56 a.m.30 views

CVE-2017-5870

Multiple cross-site scripting XSS vulnerabilities in ViMbAdmin 3.0.15 allow remote attackers to inject arbitrary web script or HTML via the 1 domain or 2 transport parameter to domain/add; the 3 name parameter to mailbox/add/did/; the 4 goto parameter to alias/add/did/; or the 5 captchatext...

5.8AI score0.01012EPSS
Exploits2References2
Rows per page
Query Builder