github.com/axllent/mailpit is vulnerable to Cross-site Scripting (XSS)
54
Medium Risk
Affected versions of this package contain a **cross-site scripting (XSS)** vulnerability in the Mailpit web interface. Because user-controlled data rendered in the UI is insufficiently sanitized, HTML or JavaScript content contained in email messages can be improperly handled and executed in a user’s browser when the message is viewed. An attacker able to send a crafted email to a Mailpit instance could inject malicious script content that executes in the context of the Mailpit web interface, potentially allowing session manipulation or other client-side attacks against users viewing the message. The issue is addressed by improving sanitization and handling of rendered message content in the web UI.
You are affected if you are using a version that falls within the vulnerable range.
github.com/axllent/mailpit is vulnerable to Cross-site Scripting (XSS) in versions 1.0.0 - 1.29.2.
Upgrade the github.com/axllent/mailpit library to a patched version.
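To check a Go project against the range stated above, the following added example (not part of the advisory or of the Mailpit project) scans `go.mod` text for a mailpit requirement and reports whether the pinned version falls within 1.0.0 - 1.29.2. The names `Check`, `parse` and `less` are hypothetical, and it assumes plain `require` lines, ignoring `replace` directives.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

const mailpit = "github.com/axllent/mailpit"

// Inclusive vulnerable range from the advisory: 1.0.0 - 1.29.2.
var lo, hi = [3]int{1, 0, 0}, [3]int{1, 29, 2}

// parse converts "v1.29.2" into {1, 29, 2}; any pre-release or build
// suffix after the patch number is ignored.
func parse(v string) (out [3]int, ok bool) {
	n, _ := fmt.Sscanf(v, "v%d.%d.%d", &out[0], &out[1], &out[2])
	return out, n == 3
}

// less reports whether version a sorts before version b.
func less(a, b [3]int) bool {
	for i := range a {
		if a[i] != b[i] {
			return a[i] < b[i]
		}
	}
	return false
}

// Check scans go.mod text for a mailpit requirement and reports the pinned
// version and whether it lies inside the vulnerable range.
func Check(gomod string) (version string, vulnerable bool) {
	sc := bufio.NewScanner(strings.NewReader(gomod))
	for sc.Scan() {
		f := strings.Fields(strings.TrimPrefix(strings.TrimSpace(sc.Text()), "require "))
		if len(f) >= 2 && f[0] == mailpit {
			v, ok := parse(f[1])
			return f[1], ok && !less(v, lo) && !less(hi, v)
		}
	}
	return "", false
}

func main() {
	// Constructed go.mod content, for illustration only.
	fmt.Println(Check("module example.test/app\n\nrequire github.com/axllent/mailpit v1.27.0\n"))
}
```

An empty version string in the result means no mailpit requirement was found in the file.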