CVE-2022-50908

Name of the Vulnerable Software and Affected Versions Mailhog version 1.0.1

Description Mailhog version 1.0.1 has a stored cross-site scripting issue. Attackers can inject malicious scripts through email attachments. By sending crafted emails with XSS payloads, attackers can execute arbitrary API calls, including message deletion, and manipulate the browser. The API endpoint is vulnerable to attacks through crafted email attachments. The attachment is the vulnerable parameter.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.