CVE-2026-3455 MEDIUM

CVE-2026-3455

Vendor N/A
Product mailparser
Weakness CWE-79 · XSS
Published March 3, 2026
Last update March 3, 2026
View on NVD All CVEs

CVSS base score

6.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P

What the vulnerability does

01Description

Versions of the package mailparser before 3.9.3 are vulnerable to Cross-site Scripting (XSS) via the textToHtml() function due to the improper sanitisation of URLs in the email content. An attacker can execute arbitrary scripts in victim browsers by adding extra quote " to the URL with embedded malicious JavaScript code.

Key dates

02Disclosure timeline

March 3, 2026 CVE published
March 3, 2026 Record updated