CVE-2012-3536

Name of the Vulnerable Software and Affected Versions Hupa Webmail application from the Apache James project versions prior to 0.0.3

Description The issue concerns two XSS vulnerabilities in the message list and view of the Hupa Webmail application. An attacker could exploit this by sending a carefully crafted email to a user, which would trigger the XSS when the email was opened or when a list of messages were viewed.

Recommendations For versions prior to 0.0.3, update to version 0.0.3 to resolve the issue.