Vulnz

**Name of the Vulnerable Software and Affected Versions** Mailhog version 1.0.1 **Description** Mailhog version 1.0.1 has a stored cross-site scripting issue. Attackers can inject malicious scripts through email attachments. By sending crafted emails with XSS payloads, attackers can execute arbitrary API calls, including message deletion, and manipulate the browser. The API endpoint is vulnerable to attacks through crafted email attachments. The `attachment` is the vulnerable parameter. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.