PT-2026-22720 · Unknown · Mail-Parser

Ravishanker Kusuma · Published 2026-03-03 · Updated 2026-03-13 · CVE-2026-3455

CVSS v3.1

6.1 Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

mailparser versions prior to 3.9.3

Description

The package mailparser is susceptible to Cross-site Scripting (XSS) due to insufficient sanitization of URLs within email content. Specifically, the textToHtml() function does not properly handle URLs, allowing an attacker to inject malicious JavaScript code by adding extra quotes to the URL. This can lead to the execution of arbitrary scripts in a victim's browser.

Recommendations

Update mailparser to version 3.9.3 or later.
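
The quote handling described above, shown as an added example that is not mailparser's source code: a simplified text-to-HTML linkifier in its weak form beside a hardened form, with a regression check for code that renders parsed mail. The function names, the URL pattern and the sample string are assumptions constructed for this illustration.

```javascript
// Added illustration of the bug class; this is NOT mailparser's source code.
// All function names and the sample string are constructed for this example.
const URL_RE = /https?:\/\/[^\s<>]+/g;
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape a string for HTML text and for quoted attribute values.
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Weak form: the matched URL is copied into href="..." unescaped, so a double
// quote inside the URL closes the attribute and the rest is parsed as markup.
function linkifyUnsafe(text) {
  return text.replace(URL_RE, (url) => `<a href="${url}">${url}</a>`);
}

// Hardened form: surrounding text and each URL are escaped exactly once,
// so a quote can only ever appear as &quot; inside the attribute value.
function linkifySafe(text) {
  let out = '';
  let last = 0;
  for (const m of text.matchAll(URL_RE)) {
    out += escapeHtml(text.slice(last, m.index));
    const url = escapeHtml(m[0]);
    out += `<a href="${url}">${url}</a>`;
    last = m.index + m[0].length;
  }
  return out + escapeHtml(text.slice(last));
}

// Regression check: an <a href="..."> opening tag built by these functions
// must contain exactly two double quotes; more means the attribute was broken.
function quotesInFirstAnchor(html) {
  const tag = html.match(/<a\s[^>]*>/);
  return tag ? (tag[0].match(/"/g) || []).length : 0;
}

// Constructed input: a URL carrying extra quotes and a harmless title attribute.
const SAMPLE = 'see http://example.test/a"title="injected now';

console.log(quotesInFirstAnchor(linkifyUnsafe(SAMPLE))); // 4
console.log(quotesInFirstAnchor(linkifySafe(SAMPLE)));   // 2
```

The same check can be run against the output of whatever renderer is in use after upgrading to 3.9.3 or later, as a test that quoted URLs no longer escape the href attribute.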

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2026-3455
GHSA-7GMJ-H9XC-MCXC

Affected Products

Mail-Parser