Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1495

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2002-1495
Last Modified 05 Sep 2008 04:30:44
Published 02 Apr 2003 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2002-1495

Summary

Cross-site scripting (XSS) vulnerability in JAWmail 1.0-rc1 allows remote attackers to insert arbitrary script or HTML via (1) attached file names in the Read Mail feature, (2) text/html mails that are displayed in a pop-up window, and (3) certain malicious attributes within otherwise safe tags, such as onMouseOver.

Vulnerable Systems

Application

  • Rudi Benkovic Jawmail 1.0

  • Rudi Benkovic Jawmail 1.0 Rc1

  • Rudi Benkovic Jawmail 1.0.1


References

BID - 5771

XF - jawmail-mail-message-xss(10152)

BUGTRAQ - 20020922 JAWmail XSS


Last Updated: 27 May 2016 10:37:22