Two XSS vulnerabilities were fixed in message list and view in the Hupa Webmail application from the Apache James project. An attacker could send a carefully crafted email to a user of Hupa which would trigger a XSS when the email was opened or when a list of messages were viewed. This issue was addressed in Hupa 0.0.3.
[
{
"product": "Apache Hupa",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "Hupa versions prior to 0.0.3"
}
]
}
]