CVE-2021-47768

6.1 MEDIUM

📋 TL;DR

CVE-2021-47768 is a persistent (stored) HTML injection vulnerability in ImportExportTools NG 10.0.4 for Thunderbird. An attacker can send an email whose subject line contains malicious HTML; the add-on writes the subject into the exported HTML document without encoding it, so the markup is rendered and any script in it executes when the user opens the export, potentially compromising user data or session credentials. Users of the vulnerable add-on version are affected.

💻 Affected Systems

Products:
  • ImportExportTools NG Thunderbird add-on
Versions: 10.0.4
Operating Systems: All platforms running Thunderbird with the add-on
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability requires the add-on to be installed and used for HTML email export functionality.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers steal session credentials or sensitive user data through malicious HTML execution during email export, leading to account compromise or data exfiltration.

🟠 Likely Case

Attackers inject malicious scripts that execute when users export emails to HTML, potentially stealing browser session data or performing unauthorized actions.

🟢 If Mitigated

With proper input validation and output encoding of header fields before they are written into the exported document, HTML injection is prevented and email export continues to work safely.
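The output-encoding mitigation described above, as an added example that is not code from ImportExportTools NG: an HTML escaper applied to header fields before they are written into an exported HTML table, shown beside the unsafe concatenation pattern. The function names and the sample message are assumptions constructed for illustration.

```javascript
// Added example, not the add-on's own code. Function names are assumed.

// The five characters that must never reach HTML text or attribute
// context unencoded.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Encode a value so the browser renders it as literal text, not markup.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: header values concatenated straight into markup.
function renderMessageRowUnsafe(msg) {
  return `<tr><td>${msg.subject}</td><td>${msg.from}</td></tr>`;
}

// Hardened pattern: every untrusted field is encoded before insertion.
function renderMessageRow(msg) {
  return `<tr><td>${escapeHtml(msg.subject)}</td><td>${escapeHtml(msg.from)}</td></tr>`;
}

// Constructed sample: a subject line that carries markup, as an attacker
// would supply it in an incoming message.
const SAMPLE_MESSAGE = {
  subject: "Invoice <script>alert(1)</script>",
  from: "billing@example.com",
};

// Self-check used by the exporter's tests: true if any tag other than the
// table structure itself survived into the output. Escaped content
// begins with "&lt;", never with "<".
function containsRawTag(html) {
  const cells = html.replace(/<\/?(tr|td)>/g, "");
  return /<[a-z]/i.test(cells);
}
```

Running `containsRawTag` over both renderers for `SAMPLE_MESSAGE` shows the injected tag present in the unsafe output and absent from the encoded one.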

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires sending crafted emails to target users who then export them using the vulnerable add-on.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.0.5 or later

Vendor Advisory: https://addons.thunderbird.net/en-US/thunderbird/addon/importexporttools-ng/

Restart Required: Yes

Instructions:

1. Open Thunderbird.
2. Go to Add-ons Manager.
3. Check for updates for ImportExportTools NG.
4. Update to version 10.0.5 or later.
5. Restart Thunderbird.

🔧 Temporary Workarounds

Disable HTML Export (all platforms)

Temporarily disable HTML export functionality in ImportExportTools NG settings.

Uninstall Add-on (all platforms)

Remove ImportExportTools NG until the patched version is installed.

🧯 If You Can't Patch

  • Avoid exporting emails to HTML format using the vulnerable add-on.
  • Use alternative email export methods or tools until patched.

🔍 How to Verify

Check if Vulnerable:

Check ImportExportTools NG version in Thunderbird Add-ons Manager. If version is 10.0.4, system is vulnerable.

Check Version:

No command-line check; verify through Thunderbird Add-ons Manager interface.

Verify Fix Applied:

Verify ImportExportTools NG version is 10.0.5 or later in Add-ons Manager after update.

📡 Detection & Monitoring

Log Indicators:

  • Unusual HTML export activities or errors in Thunderbird logs

Network Indicators:

  • Incoming emails with suspicious HTML content in subjects

SIEM Query:

Email logs showing HTML export events from Thunderbird with ImportExportTools NG
