What the vulnerability does
01Description
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to inject HTML into notification emails about new CA certificates.
CVSS base score
5.3/10
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Key dates
02Disclosure timeline
April 2, 2026
CVE published
April 2, 2026
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2022-36020 Bypass of Cross-Site Scripting Protection in typo3/html-sanitizer
CVE-2024-43184 IBM Jazz Foundation cross-site scripting
CVE-2024-27140 Apache Archiva: reflected XSS
CVE-2024-4634 Elementor Header & Footer Builder <= 1.6.28 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2023-4840 MapPress Maps for WordPress <= 2.88.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
