Описание
No description is available for this CVE.
Дополнительная информация
Статус:
Low
Дефект:
CWE-79
https://bugzilla.redhat.com/show_bug.cgi?id=2397492mailgen: Mailgen: HTML injection vulnerability in plaintext e-mails
Связанные уязвимости
nvd
3 месяца назад
mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Prior to version 2.0.30, there is an HTML injection vulnerability in plaintext e-mails generated by Mailgen. Projects are affected if the Mailgen.generatePlaintext(email) method is used and given user-generated content. This vulnerability has been patched in version 2.0.30. A workaround involves stripping all HTML tags before passing any content into Mailgen.generatePlaintext(email).
CVSS3: 5.3
github
3 месяца назад
Mailgen: HTML injection vulnerability in plaintext e-mails