doremovespacemail action can be called by non-admins

The doremovespacemail action is provided by the confluence-mail-archiving plugin, and allows all of the archived mail associated with a space to be removed. This action can be called by any authenticated user, which appears to be an oversight in access control, given that similar methods such as...

DEBIAN-CVE-2002-0738

MHonArc 2.5.2 and earlier does not properly filter Javascript from archived e-mail messages, which could allow remote attackers to execute script in web clients by 1 splitting the SCRIPT tag into smaller pieces, 2 including the script in a SRC argument to an IMG tag, or 3 using "&=script" syntax...