CVE Catalog

CVE-2026-57322

HighCVSS 7.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.18%

8th percentile — higher than 8% of all known CVEs

Summary

Unauthenticated Cross Site Scripting (XSS) vulnerability in weMail versions up to 2.1.2.

Risk Assessment

An attacker can inject malicious JavaScript code, leading to session theft, redirects, or site defacement.

Recommendation

Immediately update the weMail plugin to a version newer than 2.1.2.

Original NVD description (English source)

Unauthenticated Cross Site Scripting (XSS) in weMail <= 2.1.2 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS