CVE-2002-1495

Name of the Vulnerable Software and Affected Versions JAWmail version 1.0-rc1

Description A cross-site scripting (XSS) issue allows remote attackers to insert arbitrary script or HTML via attached file names in the Read Mail feature, text/html mails displayed in a pop-up window, and certain malicious attributes within otherwise safe tags, such as onMouseOver.

Recommendations For JAWmail version 1.0-rc1, as a temporary workaround, consider disabling the display of attached file names in the Read Mail feature and restricting the display of text/html mails in pop-up windows until a patch is available. Avoid using malicious attributes within otherwise safe tags, such as onMouseOver, to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.