Vulnerabilities > Winmail Project

DATE CVE VULNERABILITY TITLE RISK
2021-01-26 CVE-2020-23776 Server-Side Request Forgery (SSRF) vulnerability in Winmail Project Winmail 6.5
A SSRF vulnerability exists in Winmail 6.5 in app.php in the key parameter when HTTPS is on.
network
low complexity
winmail-project CWE-918
7.5
2021-01-26 CVE-2020-23774 Cross-site Scripting vulnerability in Winmail Project Winmail 6.5
A reflected XSS vulnerability exists in tohtml/convert.php of Winmail 6.5, which can cause JavaScript code to be executed.
network
low complexity
winmail-project CWE-79
6.1