Medium severity6.1NVD Advisory· Published May 18, 2026· Updated May 19, 2026
CVE-2026-29964
CVE-2026-29964
Description
HSC MailInspector v5.3.3-7 contains a Cross-Site Scripting (XSS) vulnerability in the /tap/tap.php endpoint due to improper neutralization of user-controlled input using alternate or obfuscated JavaScript syntax. The endpoint reflects unsanitized user input in HTTP responses without adequate output encoding, allowing a remote attacker to execute arbitrary JavaScript code in the context of a victim's browser.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- cpe:2.3:a:hsclabs:mailinspector:5.3.3-7:*:*:*:*:*:*:*
- Range: = 5.3.3-7
Patches
Vulnerability mechanics
References
2- github.com/sql3t0/cve-disclosures/blob/main/03_-_CVE-2026-29964_XSS.mdnvdThird Party Advisory
- hsclabs.com/pt-br/mailinspector/nvdProduct
News mentions
0No linked articles in our index yet.