Mailgen HTML Injection Vulnerability in Plaintext Emails
Vulnerability
A vulnerability allowing HTML injection in plaintext emails has been identified in the Mailgen Node.js package in versions prior to 2.0.30. It is triggered when the 'Mailgen.generatePlaintext(email)' method is called with an email object that contains user-generated content (for example a recipient's display name or a message submitted through a form): HTML markup inside that content is interpreted rather than rendered literally, so projects that build plaintext emails from untrusted input with this method are exposed.
Impact
An attacker who can get HTML markup into a field that ends up in a plaintext email can inject tags that Mailgen interprets, allowing the content or formatting of the generated email to be manipulated, for instance to insert misleading text into a message the recipient otherwise trusts. The injected markup is supplied through ordinary application input, so no access to the mail server or the sending application is required.
Remediation
Upgrade to Mailgen version 2.0.30 or later. If upgrading is not immediately possible, strip HTML tags from all user-supplied strings before they are placed in the email object passed to 'Mailgen.generatePlaintext(email)'. The stripping must cover every field that can carry untrusted input (name, intro, outro, action instructions, table cells and similar), not only the main message text, because any of them is rendered into the plaintext output.
