Skip to main content

Mailvelope

4 CVEs product

Monthly

CVE-2019-9150 MEDIUM This Month

Mailvelope prior to 3.3.0 does not require user interaction to import public keys shown on web page. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mailvelope
NVD GitHub
CVSS 3.0
5.3
EPSS
1.4%
CVE-2019-9149 MEDIUM POC This Month

Mailvelope prior to 3.3.0 allows private key operations without user interaction via its client-API. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Jwt Attack Information Disclosure Mailvelope
NVD GitHub
CVSS 3.1
6.5
EPSS
0.9%
CVE-2019-9148 MEDIUM POC This Month

Mailvelope prior to 3.3.0 accepts or operates with invalid PGP public keys: Mailvelope allows importing keys that contain users without a valid self-certification. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mailvelope
NVD GitHub
CVSS 3.1
4.3
EPSS
1.4%
CVE-2019-9147 MEDIUM This Month

Mailvelope prior to 3.1.0 is vulnerable to a clickjacking attack against the settings page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mailvelope
NVD GitHub
CVSS 3.0
4.3
EPSS
1.4%
EPSS 1% CVSS 5.3
MEDIUM This Month

Mailvelope prior to 3.3.0 does not require user interaction to import public keys shown on web page. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mailvelope
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM POC This Month

Mailvelope prior to 3.3.0 allows private key operations without user interaction via its client-API. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Jwt Attack Information Disclosure Mailvelope
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM POC This Month

Mailvelope prior to 3.3.0 accepts or operates with invalid PGP public keys: Mailvelope allows importing keys that contain users without a valid self-certification. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mailvelope
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM This Month

Mailvelope prior to 3.1.0 is vulnerable to a clickjacking attack against the settings page. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mailvelope
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy