PT-2004-3594 · Hastymail

Published: 2004-12-31 · Updated: 2021-07-23 · CVE-2004-2704

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Hastymail versions 1.0.1 and earlier
Hastymail development versions 1.1 and earlier

Description

Hastymail omits the attachment parameter from the Content-Disposition field when serving attachments. As a result, Internet Explorer can render attachments inline, potentially facilitating cross-site scripting (XSS) and other attacks.

Recommendations

For Hastymail versions 1.0.1 and earlier, and for Hastymail development versions 1.1 and earlier, consider updating to a version that includes the attachment parameter in the Content-Disposition field to prevent inline rendering of attachments. As a temporary workaround, consider configuring Internet Explorer to not render attachments inline, or avoid using Internet Explorer to access attachments from Hastymail until the issue is resolved.
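
The following added example (not Hastymail's code) shows the header form the recommendation refers to, together with a check that flags responses lacking it. The function names and the sample responses are hypothetical and constructed for illustration.

```python
import re
from urllib.parse import quote


def attachment_headers(filename: str, mime_type: str) -> dict:
    """Build headers that serve a mail attachment as a download, never inline."""
    # Keep only the last path component, then neutralise characters that
    # could break out of the quoted filename or inject another header line.
    base = re.split(r"[\\/]", filename)[-1]
    base = re.sub(r'[\x00-\x1f\x7f"\\;]', "_", base) or "attachment"
    ascii_name = base.encode("ascii", "replace").decode("ascii").replace("?", "_")
    disposition = f'attachment; filename="{ascii_name}"'
    if ascii_name != base:
        # Extended parameter (RFC 6266 / RFC 5987) carries the original name.
        disposition += "; filename*=UTF-8''" + quote(base, safe="")
    return {"Content-Type": mime_type, "Content-Disposition": disposition}


def disposition_type(headers: dict) -> str:
    """Return the disposition type in lower case, or '' if the header is absent."""
    for name, value in headers.items():
        if name.lower() == "content-disposition":
            return value.split(";", 1)[0].strip().lower()
    return ""


def may_render_inline(headers: dict) -> bool:
    """True when nothing forces a download: the condition this advisory describes."""
    return disposition_type(headers) != "attachment"


# Constructed sample responses (not captured from Hastymail).
SAMPLES = {
    "no Content-Disposition": {"Content-Type": "text/html"},
    "filename without attachment": {
        "Content-Type": "text/html",
        "Content-Disposition": 'filename="note.html"',
    },
    "explicit inline": {
        "Content-Type": "text/html",
        "Content-Disposition": 'inline; filename="note.html"',
    },
    "with attachment parameter": attachment_headers("../../note.html", "text/html"),
}

if __name__ == "__main__":
    for label, headers in SAMPLES.items():
        print(f"{label}: may render inline = {may_render_inline(headers)}")
```

Only the last sample reports `False`; the other three leave the rendering decision to the browser.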

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2004-2704

Affected Products

Hastymail
Internet Explorer