VYPR
Vendor

Winmail

Products
1
CVEs
3
Across products
3
Status
Private

Products

1

Recent CVEs

3
  • CVE-2024-25501HigMar 9, 2024
    risk 0.57cvss 8.8epss 0.01

    An issue WinMail v.7.1 and v.5.1 and before allows a remote attacker to execute arbitrary code via a crafted script to the email parameter.

  • CVE-2020-23776HigJan 26, 2021
    risk 0.49cvss 7.5epss 0.01

    A SSRF vulnerability exists in Winmail 6.5 in app.php in the key parameter when HTTPS is on. An attacker can use this vulnerability to cause the server to send a request to a specific URL. An attacker can modify the request header 'HOST' value to cause the server to send the…

  • CVE-2020-23774MedJan 26, 2021
    risk 0.40cvss 6.1epss 0.01

    A reflected XSS vulnerability exists in tohtml/convert.php of Winmail 6.5, which can cause JavaScript code to be executed.