CVE-2019-13389

Summary of CVE-2019-13389 : RainLoop Webmail prior to 1.13.0 is vulnerable due to missing XSS protections (no xlink:href validation, no X-XSS-Protection header, and no Content-Security-Policy header). The vulnerability can lead to cross-site scripting as described in multiple sources. Exploitatio...

CVE-2022-29360

The CVE-2022-29360 issue affects RainLoop’s Email Viewer (RainLoop) when processing HTML content in emails, enabling cross‑site scripting via a crafted text/html email message in versions up to 1.6.0. Technical sources reference this XSS in RainLoop’s Email Viewer and note remediation in Debian: ...