FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-24 03:12:49 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
a8118db0-cac2-11ec-9288-0800270512f4	rainloop -- cross-site-scripting (XSS) vulnerability Simon Scannell reports: The code vulnerability can be easily exploited by an attacker by sending a malicious email to a victim that uses RainLoop as a mail client. When the email is viewed by the victim, the attacker gains full control over the session of the victim and can steal any of their emails, including those that contain highly sensitive information such as passwords, documents, and password reset links. Discovery 2022-04-19 Entry 2022-05-03 rainloop-php74 rainloop-php80 rainloop-php81 rainloop-community-php74 rainloop-community-php80 rainloop-community-php81 < 1.16.0_2 CVE-2022-29360 https://blog.sonarsource.com/rainloop-emails-at-risk-due-to-code-flaw https://github.com/RainLoop/rainloop-webmail/issues/2142

VuXML ID

Description

a8118db0-cac2-11ec-9288-0800270512f4

rainloop -- cross-site-scripting (XSS) vulnerability

Simon Scannell reports:

The code vulnerability can be easily exploited by an attacker by sending a malicious email to a victim that uses RainLoop as a mail client. When the email is viewed by the victim, the attacker gains full control over the session of the victim and can steal any of their emails, including those that contain highly sensitive information such as passwords, documents, and password reset links.

Discovery 2022-04-19
Entry 2022-05-03
rainloop-php74
rainloop-php80
rainloop-php81
rainloop-community-php74
rainloop-community-php80
rainloop-community-php81

< 1.16.0_2

CVE-2022-29360
https://blog.sonarsource.com/rainloop-emails-at-risk-due-to-code-flaw
https://github.com/RainLoop/rainloop-webmail/issues/2142