CNNVD-202510-1954 Information

CNNVD ID

CNNVD-202510-1954

CVE-2025-62366

  • CNNVD Published: 2025-10-14

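Description (translated from Chinese)

mailgen is an email generation library by the individual developer Elad Nava. mailgen 2.0.30 and earlier contain a cross-site scripting vulnerability, which stems from the generatePlaintext method failing to properly filter encoded HTML entities and may lead to HTML injection attacks.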

Description (English)

Mailgen is a mail generation library by individual developer Elad Nava. Versions 2.0.30 and earlier of mailgen have a cross-site scripting vulnerability, which stems from the failure of the generatePlaintext method to properly filter encoded HTML entities, which may result in an HTML injection attack.

Hazard Level

High

Vulnerability Type

Cross-site scripting

Affected Vendor

Individual developer

Published

2025-10-14

Last Modified

2026-02-24

References

  • https://github.com/eladnava/mailgen/commit/7279a983481d05c51aa451e86146f98aaa42fee9
  • https://github.com/eladnava/mailgen/security/advisories/GHSA-xw6r-chmh-vpmj
  • https://access.redhat.com/security/cve/cve-2025-62366

Patch

https://www.npmjs.com/package/mailgen
