← Back

Winmail

winmail

Vendor: Winmail Project • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-23776
1Winmail Project
1Winmail
Nov 21, 2024
Jan 26, 2021
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
A SSRF vulnerability exists in Winmail 6.5 in app.php in the key parameter when HTTPS is on. An attacker can use this vulnerability to cause the server to send a request to a specific URL. An attacker can modify the requ...Show more
A SSRF vulnerability exists in Winmail 6.5 in app.php in the key parameter when HTTPS is on. An attacker can use this vulnerability to cause the server to send a request to a specific URL. An attacker can modify the request header 'HOST' value to cause the server to send the request.Show less
CVE-2020-23774
1Winmail Project
1Winmail
Nov 21, 2024
Jan 26, 2021
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
A reflected XSS vulnerability exists in tohtml/convert.php of Winmail 6.5, which can cause JavaScript code to be executed.