2 matches found
CVE-2004-2704
HastyMail (PHP-based mail client) does not send the attachment parameter in the Content-Disposition header for attachments in versions ≤1.0.1 (stable) and ≤1.1 (development). This causes attachments to render inline in Internet Explorer when the download link is clicked, facilitating cross-site s...
CVE-2004-2704
Hastymail 1.0.1 and earlier stable and 1.1 and earlier development does not send the "attachment" parameter in the Content-Disposition field for attachments, which causes the attachment to be rendered inline by Internet Explorer when the victim clicks the download link, which facilitates cross-si...