[FREEBSD:3E917407-4B3F-11EF-8E49-001999F8D30B] Mailpit -- Content Security Policy XSS

Affected Packages 1

Mailpit developer reports:

  A vulnerability was discovered which allowed a bad
  actor with SMTP access to Mailpit to bypass the Content
  Security Policy headers using a series of crafted HTML
  messages which could result in a stored XSS attack via
  the web UI.

Package	Affected Version
pkg:freebsd/mailpit	< 1.19.3

ID: FREEBSD:3E917407-4B3F-11EF-8E49-001999F8D30B
URL: http://vuxml.freebsd.org/freebsd/3e917407-4b3f-11ef-8e49-001999f8d30b.html
Published: 2024-07-26T00:00:00
(6 weeks ago)
Modified: 2024-07-26T00:00:00
(6 weeks ago)
Rights: FreeBSD VuXML Security Team

Source	# ID	Name	URL
FreeBSD VuXML			https://github.com/axllent/mailpit/releases/tag/v1.19.3

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Affected	pkg:freebsd/mailpit		mailpit	< 1.19.3