CVE-2022-50908

HIGH 7.2

Mailhog 1.0.1 - Stored Cross-Site Scripting (XSS)

CVSS Score

7.2

EPSS Score

0.0%

EPSS Percentile

0th

Mailhog 1.0.1 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through email attachments. Attackers can send crafted emails with XSS payloads to execute arbitrary API calls, including message deletion and browser manipulation.

CWE	CWE-79
Vendor	mailhog
Product	mailhog
Published	Jan 13, 2026
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for mailhog mailhog

Be the first to know when new high vulnerabilities affecting mailhog mailhog are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Affected Versions

Mailhog / Mailhog

1.0.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/50971 github.com: https://github.com/mailhog/MailHog shodan.io: https://www.shodan.io/search?query=mailhog vulncheck.com: https://www.vulncheck.com/advisories/mailhog-stored-cross-site-scripting-xss

Credits

Vulnz