Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-23776 | 1 Winmail Project | 1 Winmail | 2021-02-03 | 5.0 MEDIUM | 7.5 HIGH |
A SSRF vulnerability exists in Winmail 6.5 in app.php in the key parameter when HTTPS is on. An attacker can use this vulnerability to cause the server to send a request to a specific URL. An attacker can modify the request header 'HOST' value to cause the server to send the request. | |||||
CVE-2020-23774 | 1 Winmail Project | 1 Winmail | 2021-02-01 | 4.3 MEDIUM | 6.1 MEDIUM |
A reflected XSS vulnerability exists in tohtml/convert.php of Winmail 6.5, which can cause JavaScript code to be executed. |