Description

mailgen is a Node.js package that generates responsive HTML e-mails for sending transactional mail. Prior to version 2.0.30, there is an HTML injection vulnerability in plaintext e-mails generated by Mailgen. Projects are affected if the Mailgen.generatePlaintext(email) method is used and given user-generated content. This vulnerability has been patched in version 2.0.30. A workaround involves stripping all HTML tags before passing any content into Mailgen.generatePlaintext(email).

INFO

Published Date :

2025-09-22T19:27:53.323Z

Last Modified :

2025-09-22T19:45:47.069Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-59526 vulnerability.

Vendors Products
Mailgen
  • Mailgen
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-59526.

URL Resource
https://github.com/eladnava/mailgen/commit/741a0190ddae0f408b22ae3b5f0f4c3f5cf4f11d cve-icon cve-icon cve-icon
https://github.com/eladnava/mailgen/security/advisories/GHSA-j2xj-h7w5-r7vp cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-59526 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-59526 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability