4 matches found
CVE-2016-4460
Apache Pony Mail versions 0.6c through 0.8b are affected by a vulnerability that allows remote attackers to bypass authentication. The reports consolidate this as a security bypass without detailing the underlying root cause in the provided documents. No remediation steps, patch versions, or expl...
CVE-2019-0218
CVE-2019-0218 affects the Pony Mail interface, where a specially crafted URL enables reflected XSS via JavaScript. Root cause: insufficient validation/handling of URL input in the interface leading to script execution. Exploitation details are not provided in the connected documents; no remediati...
CVE-2017-5658
The CVE-2017-5658 issue affects Apache Pony Mail (versions 0.7–0.9). The statistics generator could disclose timing information about messages (subjects/text bodies) on private lists because it returned timestamp data without proper authorization checks. The core root cause is improper authorizat...
CVE-2026-41873
Technical details are not publicly available in the provided documents; no concrete information on affected products, versions, root cause, or fixes is present. Monitor for updates.