CVE-2026-29965

Description

HSC MailInspector 5.3.3-7 is vulnerable to Cross Site Scripting (XSS) in the /police/WarningUrlPage.php endpoint due to improper neutralization of user-supplied input that uses alternate or obfuscated JavaScript syntax.

CVSS Vector

References

• https://github.com/sql3t0/cve-disclosures
• https://github.com/sql3t0/cve-disclosures/blob/main/04_-_CVE-2026-29965_XSS.md
• https://hsclabs.com/pt-br/mailinspector/