Lucene search
HistoryAug 12, 2002 - 4:00 a.m.
CVE-2002-0738
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.7
Confidence
Low
EPSS
0.011
Percentile
84.7%
MHonArc 2.5.2 and earlier does not properly filter Javascript from archived e-mail messages, which could allow remote attackers to execute script in web clients by (1) splitting the SCRIPT tag into smaller pieces, (2) including the script in a SRC argument to an IMG tag, or (3) using “&={script}” syntax.
Affected configurations
Node
mhonarcmhonarcMatch2.5
ORmhonarcmhonarcMatch2.5.1
ORmhonarcmhonarcMatch2.5.2
Related
openvas
openvas
Debian Security Advisory DSA 163-1 (mhonarc)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-163)
2008-01-17 00:00:00
osv
osv
mhonarc - cross site scripting
2002-09-09 00:00:00
cvelist
cvelist
CVE-2002-0738
2003-04-02 05:00:00
nessus
nessus
Debian DSA-163-1 : mhonarc - XSS
2004-09-29 00:00:00
CGI Generic XSS (comprehensive test)
2010-07-26 00:00:00
debian
debian
debiancve
debiancve
CVE-2002-0738
2003-04-02 05:00:00
cve
cve
CVE-2002-0738
2003-04-02 05:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
6.7
Confidence
Low
EPSS
0.011
Percentile
84.7%
Related for NVD:CVE-2002-0738