Skip to content

Commit 155f2b3

Browse files
advisory-database[bot]advisory-database[bot]
committed
Publish Advisories
GHSA-pjr6-wxmx-75cg GHSA-qrv4-g78c-hphg
1 parent 375895c commit 155f2b3

2 files changed

Lines changed: 22 additions & 8 deletions

File tree

advisories/unreviewed/2026/05/GHSA-pjr6-wxmx-75cg/GHSA-pjr6-wxmx-75cg.json

Lines changed: 11 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,18 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-pjr6-wxmx-75cg",
4-
"modified": "2026-05-18T18:31:30Z",
4+
"modified": "2026-05-19T00:31:34Z",
55
"published": "2026-05-18T18:31:30Z",
66
"aliases": [
77
"CVE-2026-29964"
88
],
99
"details": "HSC MailInspector v5.3.3-7 contains a Cross-Site Scripting (XSS) vulnerability in the /tap/tap.php endpoint due to improper neutralization of user-controlled input using alternate or obfuscated JavaScript syntax. The endpoint reflects unsanitized user input in HTTP responses without adequate output encoding, allowing a remote attacker to execute arbitrary JavaScript code in the context of a victim's browser.",
10-
"severity": [],
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
14+
}
15+
],
1116
"affected": [],
1217
"references": [
1318
{
@@ -28,8 +33,10 @@
2833
}
2934
],
3035
"database_specific": {
31-
"cwe_ids": [],
32-
"severity": null,
36+
"cwe_ids": [
37+
"CWE-79"
38+
],
39+
"severity": "MODERATE",
3340
"github_reviewed": false,
3441
"github_reviewed_at": null,
3542
"nvd_published_at": "2026-05-18T18:17:21Z"

advisories/unreviewed/2026/05/GHSA-qrv4-g78c-hphg/GHSA-qrv4-g78c-hphg.json

Lines changed: 11 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,13 +1,18 @@
11
{
22
"schema_version": "1.4.0",
33
"id": "GHSA-qrv4-g78c-hphg",
4-
"modified": "2026-05-18T18:31:30Z",
4+
"modified": "2026-05-19T00:31:34Z",
55
"published": "2026-05-18T18:31:30Z",
66
"aliases": [
77
"CVE-2026-29965"
88
],
99
"details": "HSC MailInspector 5.3.3-7 is vulnerable to Cross Site Scripting (XSS) in the /police/WarningUrlPage.php endpoint due to improper neutralization of user-supplied input that uses alternate or obfuscated JavaScript syntax.",
10-
"severity": [],
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
14+
}
15+
],
1116
"affected": [],
1217
"references": [
1318
{
@@ -28,8 +33,10 @@
2833
}
2934
],
3035
"database_specific": {
31-
"cwe_ids": [],
32-
"severity": null,
36+
"cwe_ids": [
37+
"CWE-79"
38+
],
39+
"severity": "MODERATE",
3340
"github_reviewed": false,
3441
"github_reviewed_at": null,
3542
"nvd_published_at": "2026-05-18T18:17:21Z"

0 commit comments

Comments
 (0)