CVE-2026-35390 | bulwarkmail webmail up to 1.4.10 Email Content-Security-Policy-Report-Only cross site scripting

Inserito da Angelo Barbosa | Apr 6, 2026 | CVE

A vulnerability classified as problematic was found in bulwarkmail webmail up to 1.4.10. The impacted element is an unknown function of the component Email Handler. Such manipulation of the argument Content-Security-Policy-Report-Only leads to cross site scripting.

This vulnerability is referenced as CVE-2026-35390. It is possible to launch the attack remotely. No exploit is available.

Upgrading the affected component is advised.

CVE-2026-35390 | bulwarkmail webmail up to 1.4.10 Email Content-Security-Policy-Report-Only cross site scripting

Post correlati

CVE-2026-2514 | Progress Flowmon ADS up to 12.5.4/13.0.2 cross site scripting

CVE-2025-11529 | ChurchCRM up to 5.18.0 API Endpoint AuthMiddleware.php AuthMiddleware missing authentication

CVE-2025-22675 | bPlugins Alert Box Block up to 1.1.0 on WordPress notice/alerts cross site scripting

CVE-2024-8828 | PDF-XChange Editor EMF File Parser out-of-bounds (ZDI-24-1251)