vulnerability
FreeBSD: VID-bd940aba-7467-11ef-a5c4-08002784c58d (CVE-2024-45800): SnappyMail -- multiple mXSS in HTML sanitizer
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:H/Au:N/C:P/I:P/A:P) | Sep 16, 2024 | Sep 18, 2024 | Dec 10, 2025 |
Severity
5
CVSS
(AV:N/AC:H/Au:N/C:P/I:P/A:P)
Published
Sep 16, 2024
Added
Sep 18, 2024
Modified
Dec 10, 2025
Description
Oskar reports: SnappyMail uses the `cleanHtml()` function to cleanup HTML and CSS in emails. Research discovered that the function has a few bugs which cause an mXSS exploit. Because the function allowed too many (invalid) HTML elements, it was possible (with incorrect markup) to trick the browser to "fix" the broken markup into valid markup. As a result a motivated attacker may be able to inject javascript.
Solutions
freebsd-upgrade-package-snappymail-php81freebsd-upgrade-package-snappymail-php82freebsd-upgrade-package-snappymail-php83freebsd-upgrade-package-snappymail-php84
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.