CNNVD-202509-3231 Information

CNNVD ID

CNNVD-202509-3231

CVE-2025-59526

  • CNNVD Published: 2025-09-22

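Description (translated from Chinese)

mailgen is an email-generation library by Elad Nava, an individual developer. mailgen versions before 2.0.30 contain a cross-site scripting vulnerability. The vulnerability stems from improper handling of user-generated content and may lead to HTML injection attacks.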

Description (English)

Mailgen is an email-generation library maintained by individual developer Elad Nava. Versions of mailgen before 2.0.30 had a cross-site scripting vulnerability, which stemmed from a failure to properly handle user-generated content and could lead to an HTML injection attack.

Hazard Level

High

Vulnerability Type

Cross-site scripting

Affected Vendor

Individual developer

Published

2025-09-22

Last Modified

2026-02-24

References

  • https://github.com/eladnava/mailgen/commit/741a0190ddae0f408b22ae3b5f0f4c3f5cf4f11d
  • https://github.com/eladnava/mailgen/security/advisories/GHSA-j2xj-h7w5-r7vp
  • https://access.redhat.com/security/cve/cve-2025-59526

Patch

https://www.npmjs.com/package/mailgen
