CVE-2026-7460— mailcow-dockerized 2026-03b - Stored XSS in Queue Manager via unescaped

mailcow-dockerized 2026-03b - Stored XSS in Queue Manager via unescaped

mailcow-dockerized contains a stored cross-site scripting vulnerability in the administrator Queue Manager. The Queue Manager fetches mail queue entries from /api/v1/get/mailq/all, copies server-controlled Postfix queue fields into DataTables rows, and renders several of those fields as HTML without adequate output encoding. This issue affects mailcow-dockerized: 2026-03b.

N/A

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

mailcow dockerized 跨站脚本漏洞

mailcow dockerized是mailcow开源的一个应用程序。 mailcow dockerized 2026-03b版本存在跨站脚本漏洞，该漏洞源于管理员队列管理器存在存储型跨站脚本漏洞，可能导致服务器控制的Postfix队列字段被渲染为HTML且输出编码不足。

N/A

N/A