The Email Viewer in RainLoop through 1.6.0 allows XSS via a crafted email message.
https://www.rainloop.net/changelog/
https://lists.debian.org/debian-lts-announce/2023/05/msg00027.html
https://blog.sonarsource.com/rainloop-emails-at-risk-due-to-code-flaw/