Winmail Project Winmail — known CVE vulnerabilities
Every CVE whose affected-product data names Winmail Project Winmail, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2020-23776 — CVSS 7.5 (high): A SSRF vulnerability exists in Winmail 6.5 in app.php in the key parameter when HTTPS is on. An attacker can use this vulnerability to…
CVE-2020-23774 — CVSS 6.1 (medium): A reflected XSS vulnerability exists in tohtml/convert.php of Winmail 6.5, which can cause JavaScript code to be executed.