Back to search
CVE-2002-0738
Published: Apr 2, 2003
Modified: Aug 8, 2024
PUBLISHED
Description
MHonArc 2.5.2 and earlier does not properly filter Javascript from archived e-mail messages, which could allow remote attackers to execute script in web clients by (1) splitting the SCRIPT tag into smaller pieces, (2) including the script in a SRC argument to an IMG tag, or (3) using "&={script}" syntax.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
DSA-163
vendor-advisory
x_refsource_DEBIAN
20020418 MHonArc v2.5.2 Script Filtering Bypass Vulnerability
mailing-list
x_refsource_BUGTRAQ
http://www.mhonarc.org/MHonArc/CHANGES
x_refsource_CONFIRM
4546
vdb-entry
x_refsource_BID
mhonarc-script-filtering-bypass(8894)
vdb-entry
x_refsource_XF
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now