CNNVD-202601-2097 Information
CNNVD ID
CNNVD-202601-2097
Related CVE
- CNNVD Published: 2026-01-13
Description (Chinese)
MailHog是MailHog开源的一个SMTP协议测试工具。 Mailhog 1.0.1版本存在跨站脚本漏洞,该漏洞源于存储型跨站脚本,可能导致攻击者通过电子邮件附件注入恶意脚本并执行任意API调用。
Description (English)
MailHog is a SMTP protocol test tool for the MailHog open source. The version of Mailhog 1.01 has a cross-site script loophole, which originates from a storage-type cross-site script, which may result in the attackers injecting malicious scripts through e-mail attachments and carrying out arbitrary API calls.
Hazard Level
Medium
Vulnerability Type
跨站脚本
Affected Vendor
MailHog
Published
2026-01-13
Last Modified
2026-02-24
References
https://github.com/mailhog/MailHog https://www.vulncheck.com/advisories/mailhog-stored-cross-site-scripting-xss https://www.shodan.io/search?query=mailhog https://www.exploit-db.com/exploits/50971 https://access.redhat.com/security/cve/cve-2022-50908
Patch
https://github.com/mailhog/MailHog/releases
Share on: