SUSE CVE-2010-4524

Cross-site scripting XSS vulnerability in lib/mhtxthtml.pl in MHonArc 2.6.16 allows remote attackers to inject arbitrary web script or HTML via a malformed start tag and end tag for a SCRIPT element, as demonstrated by ipt and ipt sequences...

CVE-2002-0738

MHonArc 2.5.2 and earlier does not properly filter Javascript from archived e-mail messages, which could allow remote attackers to execute script in web clients by 1 splitting the SCRIPT tag into smaller pieces, 2 including the script in a SRC argument to an IMG tag, or 3 using "&=script" syntax...