MHonArc 2.5.2 and earlier does not properly filter Javascript from archived e-mail messages, which could allow remote attackers to execute script in web clients by (1) splitting the SCRIPT tag into smaller pieces, (2) including the script in a SRC argument to an IMG tag, or (3) using “&={script}” syntax.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | mhonarc | < 2.5.11-1 | mhonarc_2.5.11-1_all.deb |
Debian | 11 | all | mhonarc | < 2.5.11-1 | mhonarc_2.5.11-1_all.deb |
Debian | 10 | all | mhonarc | < 2.5.11-1 | mhonarc_2.5.11-1_all.deb |
Debian | 999 | all | mhonarc | < 2.5.11-1 | mhonarc_2.5.11-1_all.deb |
Debian | 13 | all | mhonarc | < 2.5.11-1 | mhonarc_2.5.11-1_all.deb |