Hastymail2 'background' Attribute Cross-site Scripting Vulnerability Network Vulnerability

Summary

The host is running Hastymail2 and is prone to cross-site scripting vulnerability.

Impact

Successful exploitation will allow attackers to execute arbitrary web script or HTML in a user's browser session in the context of an affected site. Impact Level: Application

Solution

Upgrade to the Hastymail2 1.01 or later For updates refer to http://www.hastymail.org/blogs/News/

Insight

The flaw is caused by improper validation of crafted background attribute within a cell in a TABLE element which allows remote attackers to inject arbitrary web script or HTML.

Affected

Hastymail2 version prior to 1.01

References

http://openwall.com/lists/oss-security/2011/01/05/3
http://openwall.com/lists/oss-security/2011/01/06/14
http://www.hastymail.org/security/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-4646

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Adobe BlazeDS XML and XML External Entity Injection Vulnerabilities
Apache ActiveMQ Source Code Information Disclosure Vulnerability
Apache Roller 'q' Parameter Cross Site Scripting Vulnerability
Apache Tomcat Multiple Vulnerabilities June-09
Advanced Image Hosting Cross Site Scripting Vulnerability

Hastymail2 'background' Attribute Cross-site scripting vulnerability

Take action and discover your vulnerabilities