FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VuXML data was last processed by FreshPorts on 2024-11-23 17:01:17 UTC.


These are the vulnerabilities relating to the commit you have selected:

VuXML ID: bd940aba-7467-11ef-a5c4-08002784c58d
Description: SnappyMail -- multiple mXSS in HTML sanitizer

Oskar reports:

SnappyMail uses the `cleanHtml()` function to clean up HTML and CSS in emails. Research discovered that the function has a few bugs which cause an mXSS exploit. Because the function allowed too many (invalid) HTML elements, it was possible (with incorrect markup) to trick the browser to "fix" the broken markup into valid markup. As a result a motivated attacker may be able to inject JavaScript.


Discovery: 2024-09-16
Entry: 2024-09-16

Affected packages:
snappymail-php81 < 2.38.0
snappymail-php82 < 2.38.0
snappymail-php83 < 2.38.0
snappymail-php84 < 2.38.0

CVE-2024-45800
https://github.com/the-djmaze/snappymail/security/advisories/GHSA-2rq7-79vp-ffxm