PT-2018-4051 · Apache · Hupa Webmail

Published

2018-02-27

Updated

2022-05-14

CVE-2012-3536

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Hupa Webmail application from the Apache James project versions prior to 0.0.3

Description The issue concerns two XSS vulnerabilities in the message list and view of the Hupa Webmail application. An attacker could exploit this by sending a carefully crafted email to a user, which would trigger the XSS when the email was opened or when a list of messages were viewed.

Recommendations For versions prior to 0.0.3, update to version 0.0.3 to resolve the issue.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2012-3536

GHSA-7CRP-P2VC-69R7

Affected Products

Hupa Webmail

PT-2018-4051 · Apache · Hupa Webmail

CVE-2012-3536

Weakness Enumeration

Related Identifiers

Affected Products

References · 5