5 matches found
CVE-2026-42192
Plunk: Stored XSS in campaign view. Affected: Plunk open-source email platform (AWS SES-based). Vulnerable component: campaign management, where email body content created by authenticated project members is stored and later rendered in the admin dashboard via dangerouslySetInnerHTML without HTML...
PT-2026-26375
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Versions 1.8.208 and below are vulnerable to Stored Cross-Site Scripting XSS through FreeScout's email notification templates. Incoming email bodies are stored in the database without sanitization and rendered...
CVE-2023-41316
Tolgee is an open-source localization platform. Due to lack of validation field - Org Name, bad actor can send emails with HTML injected code to the victims. Registered users can inject HTML into unsanitized emails from the Tolgee instance to other users. This unsanitized HTML ends up in invitati...
Design/Logic Flaw
Tolgee is an open-source localization platform. Due to lack of validation field - Org Name, bad actor can send emails with HTML injected code to the victims. Registered users can inject HTML into unsanitized emails from the Tolgee instance to other users. This unsanitized HTML ends up in invitati...
CVE-2023-41316 HTML Injection with email in Tolgee
Tolgee is an open-source localization platform. Due to lack of validation field - Org Name, bad actor can send emails with HTML injected code to the victims. Registered users can inject HTML into unsanitized emails from the Tolgee instance to other users. This unsanitized HTML ends up in invitati...