FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

SnappyMail -- multiple mXSS in HTML sanitizer

Affected packages
snappymail-php81 < 2.38.0
snappymail-php82 < 2.38.0
snappymail-php83 < 2.38.0
snappymail-php84 < 2.38.0

Details

VuXML ID bd940aba-7467-11ef-a5c4-08002784c58d
Discovery 2024-09-16
Entry 2024-09-16

Oskar reports:

SnappyMail uses the `cleanHtml()` function to cleanup HTML and CSS in emails. Research discovered that the function has a few bugs which cause an mXSS exploit. Because the function allowed too many (invalid) HTML elements, it was possible (with incorrect markup) to trick the browser to "fix" the broken markup into valid markup. As a result a motivated attacker may be able to inject javascript.

[source]

References

CVE Name CVE-2024-45800
URL https://github.com/the-djmaze/snappymail/security/advisories/GHSA-2rq7-79vp-ffxm

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.