Amazon Linux 2 : evolution (ALAS-2025-2833)

The version of evolution installed on the remote host is prior to 3.28.5-10. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2833 advisory. An issue was discovered in GNOME Evolution before 3.35.91. By using the proprietary non-RFC6068 mailto?attach=... parameter, a...

SUSE CVE-2006-6142

Multiple cross-site scripting XSS vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the 1 mailto parameter in a webmail.php, the 2 session and 3 deletedraft parameters in b compose.php, and 4 unspecified vectors involving "a...

SUSE CVE-2020-11879

An issue was discovered in GNOME Evolution before 3.35.91. By using the proprietary non-RFC6068 "mailto?attach=..." parameter, a website or other source of mailto links can make Evolution attach local files or directories to a composed email message without showing a warning to the user, as...

Code injection

An issue was discovered in GNOME Evolution before 3.35.91. By using the proprietary non-RFC6068 "mailto?attach=..." parameter, a website or other source of mailto links can make Evolution attach local files or directories to a composed email message without showing a warning to the user, as...

UBUNTU-CVE-2020-11879

An issue was discovered in GNOME Evolution before 3.35.91. By using the proprietary non-RFC6068 "mailto?attach=..." parameter, a website or other source of mailto links can make Evolution attach local files or directories to a composed email message without showing a warning to the user, as...

Code injection

An issue was discovered in KDE KMail before 19.12.3. By using the proprietary non-RFC6068 "mailto?attach=..." parameter, a website or other source of mailto links can make KMail attach local files to a composed email message without showing a warning to the user, as demonstrated by an...

Three XSS issues in SquirrelMail

Multiple cross-site scripting XSS vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the 1 mailto parameter in a webmail.php, the 2 session and 3 deletedraft parameters in b compose.php, and 4 unspecified vectors involving "a...

iDEFENSE Security Advisory 03.09.04: Microsoft Outlook "mailto:" Parameter Passing Vulnerability

Microsoft Outlook "mailto:" Parameter Passing Vulnerability iDEFENSE Security Advisory 03.09.04 www.idefense.com/application/poi/display?id=79&type=vulnerabilities March 09, 2004 I. BACKGROUND Microsoft Outlook provides an integrated solution for managing and organizing e-mail messages, schedules...