CNNVD-202510-2096 Information

CNNVD ID

CNNVD-202510-2096

Related CVE

CVE-2025-62380

• CNNVD Published: 2025-10-15

Description (Chinese)

mailgen是Elad Nava个人开发者的一个邮件生成库。 mailgen 2.0.31及之前版本存在跨站脚本漏洞，该漏洞源于generatePlaintext方法在处理用户生成内容时未正确过滤HTML标签，可能导致跨站脚本攻击。

Description (English)

Mailgen is a mail-generated library of Elad Nava’s personal developers. Mailgen 2.0.31 and previous versions have a cross-site script loophole, which stems from the fact that the user-generated content was not correctly filtered by the rooting method and could lead to cross-site script attacks.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

个人开发者

Published

2025-10-15

Last Modified

2026-02-24

References

https://github.com/eladnava/mailgen/security/advisories/GHSA-q4w9-x3rv-4c8j https://github.com/eladnava/mailgen/commit/7a791a424ff3a3f7783f8750919f1e98639924a8 https://access.redhat.com/security/cve/cve-2025-62380

Patch

https://github.com/eladnava/mailgen