CVE-2026-32095

MEDIUM

Plunk <0.7.1 - Stored XSS

Title source: llm

Description

Plunk is an open-source email platform built on top of AWS SES. Prior to 0.7.1, Plunk's image upload endpoint accepted SVG files, which browsers treat as active documents capable of executing embedded JavaScript, creating a stored XSS vulnerability. This vulnerability is fixed in 0.7.1.

References (1)

Scores

CVSS v3 5.4
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Classification

CWE
CWE-79
Status draft

Timeline

Published Mar 11, 2026
Tracked Since Mar 12, 2026