Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1495


Vulnerability Score 4.3 4.3
CVE Id CVE-2002-1495
Last Modified 05 Sep 2008 04:30:44
Published 02 Apr 2003 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE



Cross-site scripting (XSS) vulnerability in JAWmail 1.0-rc1 allows remote attackers to insert arbitrary script or HTML via (1) attached file names in the Read Mail feature, (2) text/html mails that are displayed in a pop-up window, and (3) certain malicious attributes within otherwise safe tags, such as onMouseOver.

Vulnerable Systems


  • Rudi Benkovic Jawmail 1.0

  • Rudi Benkovic Jawmail 1.0 Rc1

  • Rudi Benkovic Jawmail 1.0.1


BID - 5771

XF - jawmail-mail-message-xss(10152)

BUGTRAQ - 20020922 JAWmail XSS

Last Updated: 27 May 2016 10:37:22