Unknown · Mail-Parser · CVE-2026-3455
**Name of the Vulnerable Software and Affected Versions**
mailparser versions prior to 3.9.3
**Description**
The package mailparser is susceptible to Cross-site Scripting (XSS) due to insufficient sanitization of URLs within email content. Specifically, the `textToHtml()` function does not properly handle URLs, allowing an attacker to inject malicious JavaScript code by adding extra quotes to the URL. This can lead to the execution of arbitrary scripts in a victim's browser.
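The flaw class described above, shown as an added JavaScript illustration that is not mailparser's source code: a hypothetical plain-text linkifier that writes a URL into `href` unescaped, beside a form that HTML-escapes it. The function names, the URL regex and the sample input are assumptions constructed for this example.

```javascript
// Added illustration, not mailparser's code. All names below are hypothetical.
const URL_RE = /https?:\/\/[^\s<>]+/g;

// Constructed sample: a plain-text body whose URL carries extra double quotes.
// The injected attribute is an inert marker chosen for this example.
const SAMPLE = 'see https://example.test/a"data-injected="1 now';

const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that are significant in HTML text and quoted attributes.
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => ENTITIES[c]);
}

// Weak form: the matched URL is pasted into href="..." as-is, so a quote
// inside the URL closes the attribute and the remainder becomes new markup.
function linkifyUnsafe(text) {
  return text.replace(URL_RE, (url) => `<a href="${url}">${url}</a>`);
}

// Hardened form: escape the text between links, and escape the URL both
// where it is used as an attribute value and where it is shown as link text.
function linkifySafe(text) {
  let out = '';
  let last = 0;
  for (const m of text.matchAll(URL_RE)) {
    out += escapeHtml(text.slice(last, m.index));
    const url = escapeHtml(m[0]);
    out += `<a href="${url}">${url}</a>`;
    last = m.index + m[0].length;
  }
  return out + escapeHtml(text.slice(last));
}

// Regression check: list the attribute names present on generated <a> tags.
// Anything other than "href" means the URL escaped its attribute.
function anchorAttributes(html) {
  const names = [];
  for (const tag of html.match(/<a\s[^>]*>/g) || []) {
    for (const a of tag.matchAll(/([\w-]+)="[^"]*"/g)) names.push(a[1]);
  }
  return names;
}
```

A check like `anchorAttributes` can serve as a regression test around any code that renders email text as HTML, alongside the version upgrade.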
**Recommendations**
Update mailparser to version 3.9.3 or later.