Security Advisory

CVE-2025-59526

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-09-22 19:27:53

Last updated 2025-09-22 19:45:47

Assigner GitHub_M

State PUBLISHED

Description

mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Prior to version 2.0.30, there is an HTML injection vulnerability in plaintext e-mails generated by Mailgen. Projects are affected if the Mailgen.generatePlaintext(email) method is used and given user-generated content. This vulnerability has been patched in version 2.0.30. A workaround involves stripping all HTML tags before passing any content into Mailgen.generatePlaintext(email).

← Browse all CVEs View on cve.org ↗