Hypermail · Hypermail · CVE-2010-4339
**Name of the Vulnerable Software and Affected Versions**
Hypermail version 2.2.0
**Description**
A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via a crafted `From` address. This occurs because the `From` address is not properly handled when indexing messages.
**Recommendations**
For Hypermail version 2.2.0, consider updating to a newer version that properly handles the `From` address to prevent XSS attacks. As a temporary workaround, restrict the ability to inject arbitrary web script or HTML via the `From` address when indexing messages.
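The class of fix described above, as an added example (not Hypermail's own code): an index-line renderer that HTML-escapes the `From` and subject values before writing them into the page. The function names, buffer sizes, output markup, and sample header value are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Escape HTML-significant characters of src into dst.
 * Returns bytes written (excluding NUL), or -1 if dst is too small. */
int html_escape(const char *src, char *dst, size_t dstlen)
{
    size_t o = 0;
    if (dstlen == 0)
        return -1;
    for (; *src; src++) {
        const char *rep = NULL;
        switch (*src) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        }
        size_t n = rep ? strlen(rep) : 1;
        if (o + n >= dstlen)
            return -1;                  /* fail closed, never truncate mid-entity */
        if (rep) memcpy(dst + o, rep, n);
        else     dst[o] = *src;
        o += n;
    }
    dst[o] = '\0';
    return (int)o;
}

/* Hypothetical index-line renderer: every header-derived field is escaped
 * before it reaches the HTML. Returns 0 on success, -1 on overflow. */
int render_index_entry(const char *from, const char *subject,
                       char *out, size_t outlen)
{
    char f[512], s[512];
    if (html_escape(from, f, sizeof f) < 0 || html_escape(subject, s, sizeof s) < 0)
        return -1;
    int n = snprintf(out, outlen, "<li><strong>%s</strong> <em>%s</em></li>\n", s, f);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample header value, not taken from a real message. */
    const char *from = "\"<script>alert(1)</script>\" <user@example.org>";
    char line[1024];
    if (render_index_entry(from, "Re: test", line, sizeof line) == 0)
        fputs(line, stdout);            /* markup in From is emitted as inert text */
    return 0;
}
```

Escaping at the point of output covers every page that displays the header, which is why it is preferred over filtering the address on input.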