Lucene search

K
osvGoogleOSV:DSA-199
HistoryNov 19, 2002 - 12:00 a.m.

mhonarc - cross site scripting

2002-11-1900:00:00
Google
osv.dev
4

0.015 Low

EPSS

Percentile

86.8%

Steven Christey discovered a cross site scripting vulnerability in
mhonarc, a mail to HTML converter. Carefully crafted message headers
can introduce cross site scripting when mhonarc is configured to
display all headers lines on the web. However, it is often useful to
restrict the displayed header lines to To, From and Subject, in which
case the vulnerability cannot be exploited.

This problem has been fixed in version 2.5.2-1.2 for the current
stable distribution (woody), in version 2.4.4-1.2 for the old stable
distribution (potato) and in version 2.5.13-1 for the unstable
distribution (sid).

We recommend that you upgrade your mhonarc package.

0.015 Low

EPSS

Percentile

86.8%