Skip to main content

Mailcow Dockerized

1 CVEs product

Monthly

CVE-2026-7460 HIGH This Week

Stored cross-site scripting in the mailcow-dockerized administrator Queue Manager allows attackers who can influence Postfix queue metadata to inject HTML/JavaScript that executes in an authenticated administrator's browser. The flaw exists because the /api/v1/get/mailq/all endpoint feeds server-controlled queue fields into DataTables rows that are rendered as HTML without sufficient output encoding. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

XSS Mailcow Dockerized
NVD GitHub
CVSS 4.0
7.4
EPSS
0.0%
EPSS 0% CVSS 7.4
HIGH This Week

Stored cross-site scripting in the mailcow-dockerized administrator Queue Manager allows attackers who can influence Postfix queue metadata to inject HTML/JavaScript that executes in an authenticated administrator's browser. The flaw exists because the /api/v1/get/mailq/all endpoint feeds server-controlled queue fields into DataTables rows that are rendered as HTML without sufficient output encoding. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

XSS Mailcow Dockerized
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy