Description
Two XSS vulnerabilities were fixed in message list and view in the Hupa Webmail application from the Apache James project. An attacker could send a carefully crafted email to a user of Hupa which would trigger a XSS when the email was opened or when a list of messages were viewed. This issue was addressed in Hupa 0.0.3.
Remediation
References
https://james.apache.org/hupa/index.html
http://svn.apache.org/viewvc?view=revision&revision=1373762
Related Vulnerabilities
CVE-2019-1003063 Vulnerability in maven package org.jenkins-ci.plugins:snsnotify
CVE-2014-3652 Vulnerability in maven package org.keycloak:keycloak-services
CVE-2023-40037 Vulnerability in maven package org.apache.nifi:nifi-jms-processors
CVE-2017-10355 Vulnerability in maven package xerces:xercesimpl
CVE-2019-3797 Vulnerability in maven package org.springframework.data:spring-data-jpa