PT-2025-26486 · Unknown · Mail-0's Zero
Embeddinglayer
Published: 2025-06-21 · Updated: 2025-06-21 · CVE-2025-52557
CVSS v4.0: 8.6 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions:
Mail-0's Zero version 0.8
Description:
The issue is caused by improper sanitization, which allows an attacker to craft an email that executes JavaScript, leading to session hijacking. This is a stored XSS vulnerability in the Mail-0's Zero email solution.
Recommendations:
For version 0.8, update to version 0.81 to resolve the issue. As a temporary workaround, consider disabling JavaScript execution in emails until the patch is applied. Restrict access to sensitive email accounts to minimize the risk of session hijacking.
Affected Products
Mail-0's Zero