FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

postorius -- XSS

Affected packages
py310-postorius < 1.3.13_2
py311-postorius < 1.3.13_2
py312-postorius < 1.3.13_2
py313-postorius < 1.3.13_2
py314-postorius < 1.3.13_2
py315-postorius < 1.3.13_2

Details

VuXML ID 5b3b7f60-4de9-11f1-873e-0f64d023d0c7
Discovery 2025-01-29
Entry 2026-05-12

NIST reports:

Postorius through 1.3.13 does not escape HTML in the message subject when rendering it in the Held messages pop-up, as exploited in the wild in May 2026.

[source]

References

CVE Name CVE-2026-44742
URL https://nvd.nist.gov/vuln/detail/CVE-2026-44742

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.