CVE-2026-29964

Name of the Vulnerable Software and Affected Versions HSC MailInspector version 5.3.3-7

Description A Cross-Site Scripting (XSS) issue exists in the '/tap/tap.php' endpoint. This occurs because user-controlled input is not properly neutralized, even when alternate or obfuscated JavaScript syntax is used. The endpoint reflects unsanitized input in HTTP responses without adequate output encoding, which enables a remote attacker to execute arbitrary JavaScript code within the browser of a victim.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.