FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Mailpit -- Content Security Policy XSS

Affected packages
mailpit < 1.19.3

Details

VuXML ID 3e917407-4b3f-11ef-8e49-001999f8d30b
Discovery 2024-07-26
Entry 2024-07-26

Mailpit developer reports:

A vulnerability was discovered which allowed a bad actor with SMTP access to Mailpit to bypass the Content Security Policy headers using a series of crafted HTML messages which could result in a stored XSS attack via the web UI.

[source]

References

URL https://github.com/axllent/mailpit/releases/tag/v1.19.3

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.