Name of the Vulnerable Software and Affected Versions Passbolt (affected versions not specified)

Description The issue concerns the handling of user-specified input in emails sent by Passbolt, which may contain HTML code. An authenticated attacker could inject HTML code, such as an img tag, into a password description to potentially obtain information about another user's mail user-agent. The impact of this issue is considered very low, as most mail user-agents do not embed remote images to protect user privacy.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.