12 vulnerabilities found for hastymail2 by hastymail
FKIE_CVE-2011-4542
Vulnerability from fkie_nvd - Published: 2011-11-30 04:05 - Updated: 2025-04-11 00:51
Severity: HIGH (CVSS v2.0 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P)
Summary
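Hastymail2 2.1.1 before RC2 allows remote attackers to execute arbitrary commands via the (1) rs or (2) rsargs[] parameter in a mailbox Drafts action to the default URI. Note: the NVD record below maps this entry to CWE-89 (SQL injection), which does not obviously match the command-execution impact described here, so rely on the description and the linked advisories rather than the CWE tag when triaging.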
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hastymail | hastymail2 | * | |
| hastymail | hastymail2 | * | |
| hastymail | hastymail2 | * | |
| hastymail | hastymail2 | * | |
| hastymail | hastymail2 | * | |
| hastymail | hastymail2 | * | |
| hastymail | hastymail2 | * | |
| hastymail | hastymail2 | * | |
| hastymail | hastymail2 | * | |
| hastymail | hastymail2 | * | |
| hastymail | hastymail2 | * | |
| hastymail | hastymail2 | * | |
| hastymail | hastymail2 | * | |
| hastymail | hastymail2 | 1.0 | |
| hastymail | hastymail2 | 1.01 | |
| hastymail | hastymail2 | 1.1 | |
| hastymail | hastymail2 | 1.1 | |
| hastymail | hastymail2 | 2.0 | |
| hastymail | hastymail2 | 2.0 | |
| hastymail | hastymail2 | 2.0 | |
| hastymail | hastymail2 | 2.0 | |
| hastymail | hastymail2 | 2.0 | |
| hastymail | hastymail2 | 2.0 | |
| hastymail | hastymail2 | 2.0 | |
| hastymail | hastymail2 | 2.0.1 | |
| hastymail | hastymail2 | 2.0.2 | |
| hastymail | hastymail2 | 2.0.3 | |
| hastymail | hastymail2 | 2.0.4 | |
| hastymail | hastymail2 | 2.0.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:*:beta1:*:*:*:*:*:*",
"matchCriteriaId": "17631BFA-B2A5-487E-99AB-5B4E25A90B98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:*:beta2:*:*:*:*:*:*",
"matchCriteriaId": "AC76ADC8-D667-47CD-9039-94385EC33013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:*:beta3:*:*:*:*:*:*",
"matchCriteriaId": "6E54C8B1-14FB-49A8-B86E-D7F72ED7CBF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:*:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2F912F5D-7038-4BD2-AFC3-61073FC1EED0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:*:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B4CE257B-569C-4A0F-B39D-182962C0B4B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:*:rc3:*:*:*:*:*:*",
"matchCriteriaId": "D59EB083-C0C4-4522-8EF3-D188C026D236",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:*:rc4:*:*:*:*:*:*",
"matchCriteriaId": "13C81A5F-541F-47BF-8ABC-F8C58417DB2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:*:rc5:*:*:*:*:*:*",
"matchCriteriaId": "1E4B6B96-94ED-460B-BC38-E2C926959BE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:*:rc6:*:*:*:*:*:*",
"matchCriteriaId": "9D2DDFB5-E74A-41C4-A6E6-2DFC7BD744EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:*:rc7:*:*:*:*:*:*",
"matchCriteriaId": "9F20ADB5-9E5F-4728-8FE1-0919174FAA53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:*:rc8:*:*:*:*:*:*",
"matchCriteriaId": "E3D97957-11A4-46A9-91DB-D7A03FDF7062",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:*:rc9:*:*:*:*:*:*",
"matchCriteriaId": "D764BB4E-8FB0-4A54-81F5-2D6BD1C20C81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:*:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DFD8A1F5-929B-4534-BAF2-192AA81577E6",
"versionEndIncluding": "2.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "126B8E94-582D-4F6C-A55B-CD1CB03CBD22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:1.01:*:*:*:*:*:*:*",
"matchCriteriaId": "32B972DB-4288-4033-A303-4B6C2D24949F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:1.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D38A0D54-9B26-4DF0-855A-BB52AB037578",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:1.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "1F3743A7-E011-4BA1-84BF-226E626B2FF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AD4123E9-9F50-4119-A83C-4DEDC45E682C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:2.0:a1:*:*:*:*:*:*",
"matchCriteriaId": "3DDEE288-C16B-4DBB-B682-12718C18F74C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:2.0:a2:*:*:*:*:*:*",
"matchCriteriaId": "F949ED23-47B3-4904-94FD-68CC793E9532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:2.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "F430975B-25C6-45BF-B1DA-F1E6AE83CAA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:2.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "85902997-C153-4E20-9711-250139D59CDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:2.0:b3:*:*:*:*:*:*",
"matchCriteriaId": "28BE5C0E-7F9D-45B6-9A7E-36AE595D8627",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8BD27752-5C26-4DEA-8049-27A20DB83B6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "204EAE69-4092-462F-976F-A81290687738",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BDB1DA29-8771-4526-B02F-5352C4F9C0F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C497C3EA-D97E-477B-9D0A-A5E7DFC15341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "38320742-8595-4F70-BCDD-48FF41F0081B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F4D347E7-B8AA-4E23-9B5E-CE8DF73070F2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Hastymail2 2.1.1 before RC2 allows remote attackers to execute arbitrary commands via the (1) rs or (2) rsargs[] parameter in a mailbox Drafts action to the default URI."
},
{
"lang": "es",
"value": "Hastymail v2.1.1 antes de RC2 permite a atacantes remotos ejecutar comandos de su elecci\u00f3n a trav\u00e9s de los par\u00e1metros (1) rs o (2) rsargs[] en una acci\u00f3n de Borrador a una URI por defecto."
}
],
"id": "CVE-2011-4542",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-11-30T04:05:58.747",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/48308"
},
{
"source": "cve@mitre.org",
"url": "https://www.dognaedis.com/vulns/DGS-SEC-3.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/48308"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.dognaedis.com/vulns/DGS-SEC-3.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-4541
Vulnerability from fkie_nvd - Published: 2011-11-29 00:55 - Updated: 2025-04-11 00:51
Severity: MEDIUM (CVSS v2.0 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N)
Summary
Cross-site scripting (XSS) vulnerability in index.php in Hastymail2 2.1.1 before RC2 allows remote attackers to inject arbitrary web script or HTML via the rs parameter in a mailbox Drafts action.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hastymail | hastymail2 | * | |
| hastymail | hastymail2 | * | |
| hastymail | hastymail2 | * | |
| hastymail | hastymail2 | * | |
| hastymail | hastymail2 | * | |
| hastymail | hastymail2 | * | |
| hastymail | hastymail2 | * | |
| hastymail | hastymail2 | * | |
| hastymail | hastymail2 | * | |
| hastymail | hastymail2 | * | |
| hastymail | hastymail2 | * | |
| hastymail | hastymail2 | * | |
| hastymail | hastymail2 | * | |
| hastymail | hastymail2 | 1.0 | |
| hastymail | hastymail2 | 1.01 | |
| hastymail | hastymail2 | 1.1 | |
| hastymail | hastymail2 | 1.1 | |
| hastymail | hastymail2 | 2.0 | |
| hastymail | hastymail2 | 2.0 | |
| hastymail | hastymail2 | 2.0 | |
| hastymail | hastymail2 | 2.0 | |
| hastymail | hastymail2 | 2.0 | |
| hastymail | hastymail2 | 2.0 | |
| hastymail | hastymail2 | 2.0 | |
| hastymail | hastymail2 | 2.0.1 | |
| hastymail | hastymail2 | 2.0.2 | |
| hastymail | hastymail2 | 2.0.3 | |
| hastymail | hastymail2 | 2.0.4 | |
| hastymail | hastymail2 | 2.0.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:*:beta1:*:*:*:*:*:*",
"matchCriteriaId": "17631BFA-B2A5-487E-99AB-5B4E25A90B98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:*:beta2:*:*:*:*:*:*",
"matchCriteriaId": "AC76ADC8-D667-47CD-9039-94385EC33013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:*:beta3:*:*:*:*:*:*",
"matchCriteriaId": "6E54C8B1-14FB-49A8-B86E-D7F72ED7CBF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:*:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2F912F5D-7038-4BD2-AFC3-61073FC1EED0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:*:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B4CE257B-569C-4A0F-B39D-182962C0B4B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:*:rc3:*:*:*:*:*:*",
"matchCriteriaId": "D59EB083-C0C4-4522-8EF3-D188C026D236",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:*:rc4:*:*:*:*:*:*",
"matchCriteriaId": "13C81A5F-541F-47BF-8ABC-F8C58417DB2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:*:rc5:*:*:*:*:*:*",
"matchCriteriaId": "1E4B6B96-94ED-460B-BC38-E2C926959BE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:*:rc6:*:*:*:*:*:*",
"matchCriteriaId": "9D2DDFB5-E74A-41C4-A6E6-2DFC7BD744EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:*:rc7:*:*:*:*:*:*",
"matchCriteriaId": "9F20ADB5-9E5F-4728-8FE1-0919174FAA53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:*:rc8:*:*:*:*:*:*",
"matchCriteriaId": "E3D97957-11A4-46A9-91DB-D7A03FDF7062",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:*:rc9:*:*:*:*:*:*",
"matchCriteriaId": "D764BB4E-8FB0-4A54-81F5-2D6BD1C20C81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:*:rc1:*:*:*:*:*:*",
"matchCriteriaId": "DFD8A1F5-929B-4534-BAF2-192AA81577E6",
"versionEndIncluding": "2.1.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "126B8E94-582D-4F6C-A55B-CD1CB03CBD22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:1.01:*:*:*:*:*:*:*",
"matchCriteriaId": "32B972DB-4288-4033-A303-4B6C2D24949F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:1.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "D38A0D54-9B26-4DF0-855A-BB52AB037578",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:1.1:rc2:*:*:*:*:*:*",
"matchCriteriaId": "1F3743A7-E011-4BA1-84BF-226E626B2FF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AD4123E9-9F50-4119-A83C-4DEDC45E682C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:2.0:a1:*:*:*:*:*:*",
"matchCriteriaId": "3DDEE288-C16B-4DBB-B682-12718C18F74C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:2.0:a2:*:*:*:*:*:*",
"matchCriteriaId": "F949ED23-47B3-4904-94FD-68CC793E9532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:2.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "F430975B-25C6-45BF-B1DA-F1E6AE83CAA2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:2.0:b2:*:*:*:*:*:*",
"matchCriteriaId": "85902997-C153-4E20-9711-250139D59CDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:2.0:b3:*:*:*:*:*:*",
"matchCriteriaId": "28BE5C0E-7F9D-45B6-9A7E-36AE595D8627",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8BD27752-5C26-4DEA-8049-27A20DB83B6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "204EAE69-4092-462F-976F-A81290687738",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BDB1DA29-8771-4526-B02F-5352C4F9C0F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C497C3EA-D97E-477B-9D0A-A5E7DFC15341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "38320742-8595-4F70-BCDD-48FF41F0081B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F4D347E7-B8AA-4E23-9B5E-CE8DF73070F2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in index.php in Hastymail2 2.1.1 before RC2 allows remote attackers to inject arbitrary web script or HTML via the rs parameter in a mailbox Drafts action."
},
{
"lang": "es",
"value": "Una vulnerabilidad de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en index.php en Hastymail2 antes de la versi\u00f3n v2.1.1 RC2 permite a atacantes remotos inyectar HTML o secuencias de comandos web a trav\u00e9s del par\u00e1metro rs en una acci\u00f3n \u0027Drafts\u0027 en el buz\u00f3n."
}
],
"id": "CVE-2011-4541",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-11-29T00:55:01.060",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/48308"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71520"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://www.dognaedis.com/vulns/DGS-SEC-2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/48308"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71520"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.dognaedis.com/vulns/DGS-SEC-2.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2010-4646
Vulnerability from fkie_nvd - Published: 2011-01-18 18:03 - Updated: 2025-04-11 00:51
Severity: MEDIUM (CVSS v2.0 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N)
Summary
Cross-site scripting (XSS) vulnerability in Hastymail2 before 1.01 allows remote attackers to inject arbitrary web script or HTML via a crafted background attribute within a cell in a TABLE element, related to improper use of the htmLawed filter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hastymail | hastymail2 | * | |
| hastymail | hastymail2 | * | |
| hastymail | hastymail2 | * | |
| hastymail | hastymail2 | * | |
| hastymail | hastymail2 | * | |
| hastymail | hastymail2 | * | |
| hastymail | hastymail2 | * | |
| hastymail | hastymail2 | * | |
| hastymail | hastymail2 | * | |
| hastymail | hastymail2 | * | |
| hastymail | hastymail2 | * | |
| hastymail | hastymail2 | * | |
| hastymail | hastymail2 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:*:beta1:*:*:*:*:*:*",
"matchCriteriaId": "17631BFA-B2A5-487E-99AB-5B4E25A90B98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:*:beta2:*:*:*:*:*:*",
"matchCriteriaId": "AC76ADC8-D667-47CD-9039-94385EC33013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:*:beta3:*:*:*:*:*:*",
"matchCriteriaId": "6E54C8B1-14FB-49A8-B86E-D7F72ED7CBF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:*:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2F912F5D-7038-4BD2-AFC3-61073FC1EED0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:*:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B4CE257B-569C-4A0F-B39D-182962C0B4B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:*:rc3:*:*:*:*:*:*",
"matchCriteriaId": "D59EB083-C0C4-4522-8EF3-D188C026D236",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:*:rc4:*:*:*:*:*:*",
"matchCriteriaId": "13C81A5F-541F-47BF-8ABC-F8C58417DB2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:*:rc5:*:*:*:*:*:*",
"matchCriteriaId": "1E4B6B96-94ED-460B-BC38-E2C926959BE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:*:rc6:*:*:*:*:*:*",
"matchCriteriaId": "9D2DDFB5-E74A-41C4-A6E6-2DFC7BD744EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:*:rc7:*:*:*:*:*:*",
"matchCriteriaId": "9F20ADB5-9E5F-4728-8FE1-0919174FAA53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:*:rc8:*:*:*:*:*:*",
"matchCriteriaId": "E3D97957-11A4-46A9-91DB-D7A03FDF7062",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:*:rc9:*:*:*:*:*:*",
"matchCriteriaId": "D764BB4E-8FB0-4A54-81F5-2D6BD1C20C81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DBE8F18C-40C1-4BA5-891B-378A2064E9CC",
"versionEndIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Hastymail2 before 1.01 allows remote attackers to inject arbitrary web script or HTML via a crafted background attribute within a cell in a TABLE element, related to improper use of the htmLawed filter."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Hastymail2 anterior a v1.01 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de un atributo manipulado dentro de una celda en un elemento TABLE, relacionados con el uso indebido del filtro htmLawed."
}
],
"id": "CVE-2010-4646",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2011-01-18T18:03:08.017",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2011/01/05/3"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2011/01/06/14"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.hastymail.org/security/"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/43681"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64962"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2011/01/05/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2011/01/06/14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.hastymail.org/security/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/43681"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64962"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2009-5051
Vulnerability from fkie_nvd - Published: 2011-01-18 18:03 - Updated: 2025-04-11 00:51
Severity: MEDIUM (CVSS v2.0 base score 5.0, vector AV:N/AC:L/Au:N/C:P/I:N/A:N)
Summary
Hastymail2 before RC 8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| hastymail | hastymail2 | * | |
| hastymail | hastymail2 | * | |
| hastymail | hastymail2 | * | |
| hastymail | hastymail2 | * | |
| hastymail | hastymail2 | * | |
| hastymail | hastymail2 | * | |
| hastymail | hastymail2 | * | |
| hastymail | hastymail2 | * | |
| hastymail | hastymail2 | * | |
| hastymail | hastymail2 | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:*:beta1:*:*:*:*:*:*",
"matchCriteriaId": "17631BFA-B2A5-487E-99AB-5B4E25A90B98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:*:beta2:*:*:*:*:*:*",
"matchCriteriaId": "AC76ADC8-D667-47CD-9039-94385EC33013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:*:beta3:*:*:*:*:*:*",
"matchCriteriaId": "6E54C8B1-14FB-49A8-B86E-D7F72ED7CBF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:*:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2F912F5D-7038-4BD2-AFC3-61073FC1EED0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:*:rc2:*:*:*:*:*:*",
"matchCriteriaId": "B4CE257B-569C-4A0F-B39D-182962C0B4B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:*:rc3:*:*:*:*:*:*",
"matchCriteriaId": "D59EB083-C0C4-4522-8EF3-D188C026D236",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:*:rc4:*:*:*:*:*:*",
"matchCriteriaId": "13C81A5F-541F-47BF-8ABC-F8C58417DB2D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:*:rc5:*:*:*:*:*:*",
"matchCriteriaId": "1E4B6B96-94ED-460B-BC38-E2C926959BE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:*:rc6:*:*:*:*:*:*",
"matchCriteriaId": "9D2DDFB5-E74A-41C4-A6E6-2DFC7BD744EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:hastymail:hastymail2:*:rc7:*:*:*:*:*:*",
"matchCriteriaId": "9F20ADB5-9E5F-4728-8FE1-0919174FAA53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Hastymail2 before RC 8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session."
},
{
"lang": "es",
"value": "Hastymail2 en versiones anteriores a la RC 8 no asigna el atributo \"secure\" para la cookie de sesi\u00f3n de una sesi\u00f3n https, lo que facilita a atacantes remotos capturar esta cookie interceptando su transmisi\u00f3n dentro de una sesi\u00f3n http."
}
],
"id": "CVE-2009-5051",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-01-18T18:03:06.533",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.hastymail.org/security/"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64891"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.hastymail.org/security/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64891"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-16"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2011-4542 (GCVE-0-2011-4542)
Vulnerability from cvelistv5 – Published: 2011-11-30 02:00 – Updated: 2024-08-07 00:09
Summary
Hastymail2 2.1.1 before RC2 allows remote attackers to execute arbitrary commands via the (1) rs or (2) rsargs[] parameter in a mailbox Drafts action to the default URI.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
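| URL | Tags |
|---|---|
| http://secunia.com/advisories/48308 | third-party-advisory, x_refsource_SECUNIA, x_transferred |
| https://www.dognaedis.com/vulns/DGS-SEC-3.html | x_refsource_MISC, x_transferred |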
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.708Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "48308",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48308"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dognaedis.com/vulns/DGS-SEC-3.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-11-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Hastymail2 2.1.1 before RC2 allows remote attackers to execute arbitrary commands via the (1) rs or (2) rsargs[] parameter in a mailbox Drafts action to the default URI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "48308",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48308"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dognaedis.com/vulns/DGS-SEC-3.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4542",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Hastymail2 2.1.1 before RC2 allows remote attackers to execute arbitrary commands via the (1) rs or (2) rsargs[] parameter in a mailbox Drafts action to the default URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "48308",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48308"
},
{
"name": "https://www.dognaedis.com/vulns/DGS-SEC-3.html",
"refsource": "MISC",
"url": "https://www.dognaedis.com/vulns/DGS-SEC-3.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4542",
"datePublished": "2011-11-30T02:00:00",
"dateReserved": "2011-11-23T00:00:00",
"dateUpdated": "2024-08-07T00:09:18.708Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4541 (GCVE-0-2011-4541)
Vulnerability from cvelistv5 – Published: 2011-11-29 00:00 – Updated: 2024-08-07 00:09
Summary
Cross-site scripting (XSS) vulnerability in index.php in Hastymail2 2.1.1 before RC2 allows remote attackers to inject arbitrary web script or HTML via the rs parameter in a mailbox Drafts action.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
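| URL | Tags |
|---|---|
| http://secunia.com/advisories/48308 | third-party-advisory, x_refsource_SECUNIA, x_transferred |
| https://www.dognaedis.com/vulns/DGS-SEC-2.html | x_refsource_MISC, x_transferred |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/71520 | vdb-entry, x_refsource_XF, x_transferred |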
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.786Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "48308",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48308"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dognaedis.com/vulns/DGS-SEC-2.html"
},
{
"name": "hastymail2-index-xss(71520)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71520"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-11-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in index.php in Hastymail2 2.1.1 before RC2 allows remote attackers to inject arbitrary web script or HTML via the rs parameter in a mailbox Drafts action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "48308",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48308"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dognaedis.com/vulns/DGS-SEC-2.html"
},
{
"name": "hastymail2-index-xss(71520)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71520"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4541",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in Hastymail2 2.1.1 before RC2 allows remote attackers to inject arbitrary web script or HTML via the rs parameter in a mailbox Drafts action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "48308",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48308"
},
{
"name": "https://www.dognaedis.com/vulns/DGS-SEC-2.html",
"refsource": "MISC",
"url": "https://www.dognaedis.com/vulns/DGS-SEC-2.html"
},
{
"name": "hastymail2-index-xss(71520)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71520"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4541",
"datePublished": "2011-11-29T00:00:00",
"dateReserved": "2011-11-23T00:00:00",
"dateUpdated": "2024-08-07T00:09:18.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-5051 (GCVE-0-2009-5051)
Vulnerability from cvelistv5 – Published: 2011-01-18 17:00 – Updated: 2024-08-07 07:24
Summary
Hastymail2 before RC 8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
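| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/64891 | vdb-entry, x_refsource_XF |
| http://www.hastymail.org/security/ | x_refsource_CONFIRM |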
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:24:54.094Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "hastymail2-cookie-weak-security(64891)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64891"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.hastymail.org/security/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-12-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Hastymail2 before RC 8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "hastymail2-cookie-weak-security(64891)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64891"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.hastymail.org/security/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-5051",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Hastymail2 before RC 8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "hastymail2-cookie-weak-security(64891)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64891"
},
{
"name": "http://www.hastymail.org/security/",
"refsource": "CONFIRM",
"url": "http://www.hastymail.org/security/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-5051",
"datePublished": "2011-01-18T17:00:00",
"dateReserved": "2011-01-18T00:00:00",
"dateUpdated": "2024-08-07T07:24:54.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4646 (GCVE-0-2010-4646)
Vulnerability from cvelistv5 – Published: 2011-01-18 17:00 – Updated: 2024-08-07 03:51
Summary
Cross-site scripting (XSS) vulnerability in Hastymail2 before 1.01 allows remote attackers to inject arbitrary web script or HTML via a crafted background attribute within a cell in a TABLE element, related to improper use of the htmLawed filter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
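| URL | Tags |
|---|---|
| http://www.hastymail.org/security/ | x_refsource_CONFIRM |
| http://openwall.com/lists/oss-security/2011/01/06/14 | mailing-list, x_refsource_MLIST |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/64962 | vdb-entry, x_refsource_XF |
| http://openwall.com/lists/oss-security/2011/01/05/3 | mailing-list, x_refsource_MLIST |
| http://www.securityfocus.com/bid/43681 | vdb-entry, x_refsource_BID |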
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:51:17.962Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.hastymail.org/security/"
},
{
"name": "[oss-security] 20110106 Re: CVE request: hastymail before 1.01 XSS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/01/06/14"
},
{
"name": "hastymail2-table-xss(64962)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64962"
},
{
"name": "[oss-security] 20110106 CVE request: hastymail before 1.01 XSS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/01/05/3"
},
{
"name": "43681",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/43681"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-09-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Hastymail2 before 1.01 allows remote attackers to inject arbitrary web script or HTML via a crafted background attribute within a cell in a TABLE element, related to improper use of the htmLawed filter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.hastymail.org/security/"
},
{
"name": "[oss-security] 20110106 Re: CVE request: hastymail before 1.01 XSS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/01/06/14"
},
{
"name": "hastymail2-table-xss(64962)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64962"
},
{
"name": "[oss-security] 20110106 CVE request: hastymail before 1.01 XSS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/01/05/3"
},
{
"name": "43681",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/43681"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4646",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Hastymail2 before 1.01 allows remote attackers to inject arbitrary web script or HTML via a crafted background attribute within a cell in a TABLE element, related to improper use of the htmLawed filter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.hastymail.org/security/",
"refsource": "CONFIRM",
"url": "http://www.hastymail.org/security/"
},
{
"name": "[oss-security] 20110106 Re: CVE request: hastymail before 1.01 XSS",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/01/06/14"
},
{
"name": "hastymail2-table-xss(64962)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64962"
},
{
"name": "[oss-security] 20110106 CVE request: hastymail before 1.01 XSS",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/01/05/3"
},
{
"name": "43681",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43681"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-4646",
"datePublished": "2011-01-18T17:00:00",
"dateReserved": "2011-01-03T00:00:00",
"dateUpdated": "2024-08-07T03:51:17.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4542 (GCVE-0-2011-4542)
Vulnerability from nvd – Published: 2011-11-30 02:00 – Updated: 2024-08-07 00:09
Summary
Hastymail2 2.1.1 before RC2 allows remote attackers to execute arbitrary commands via the (1) rs or (2) rsargs[] parameter in a mailbox Drafts action to the default URI.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
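| URL | Tags |
|---|---|
| http://secunia.com/advisories/48308 | third-party-advisory, x_refsource_SECUNIA |
| https://www.dognaedis.com/vulns/DGS-SEC-3.html | x_refsource_MISC |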
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.708Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "48308",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48308"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dognaedis.com/vulns/DGS-SEC-3.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-11-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Hastymail2 2.1.1 before RC2 allows remote attackers to execute arbitrary commands via the (1) rs or (2) rsargs[] parameter in a mailbox Drafts action to the default URI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "48308",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48308"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dognaedis.com/vulns/DGS-SEC-3.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4542",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Hastymail2 2.1.1 before RC2 allows remote attackers to execute arbitrary commands via the (1) rs or (2) rsargs[] parameter in a mailbox Drafts action to the default URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "48308",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48308"
},
{
"name": "https://www.dognaedis.com/vulns/DGS-SEC-3.html",
"refsource": "MISC",
"url": "https://www.dognaedis.com/vulns/DGS-SEC-3.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4542",
"datePublished": "2011-11-30T02:00:00",
"dateReserved": "2011-11-23T00:00:00",
"dateUpdated": "2024-08-07T00:09:18.708Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4541 (GCVE-0-2011-4541)
Vulnerability from nvd – Published: 2011-11-29 00:00 – Updated: 2024-08-07 00:09
Summary
Cross-site scripting (XSS) vulnerability in index.php in Hastymail2 2.1.1 before RC2 allows remote attackers to inject arbitrary web script or HTML via the rs parameter in a mailbox Drafts action.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
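| URL | Tags |
|---|---|
| http://secunia.com/advisories/48308 | third-party-advisory, x_refsource_SECUNIA |
| https://www.dognaedis.com/vulns/DGS-SEC-2.html | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/71520 | vdb-entry, x_refsource_XF |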
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.786Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "48308",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/48308"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.dognaedis.com/vulns/DGS-SEC-2.html"
},
{
"name": "hastymail2-index-xss(71520)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71520"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-11-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in index.php in Hastymail2 2.1.1 before RC2 allows remote attackers to inject arbitrary web script or HTML via the rs parameter in a mailbox Drafts action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-05T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "48308",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/48308"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.dognaedis.com/vulns/DGS-SEC-2.html"
},
{
"name": "hastymail2-index-xss(71520)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71520"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4541",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in Hastymail2 2.1.1 before RC2 allows remote attackers to inject arbitrary web script or HTML via the rs parameter in a mailbox Drafts action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "48308",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48308"
},
{
"name": "https://www.dognaedis.com/vulns/DGS-SEC-2.html",
"refsource": "MISC",
"url": "https://www.dognaedis.com/vulns/DGS-SEC-2.html"
},
{
"name": "hastymail2-index-xss(71520)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/71520"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4541",
"datePublished": "2011-11-29T00:00:00",
"dateReserved": "2011-11-23T00:00:00",
"dateUpdated": "2024-08-07T00:09:18.786Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-5051 (GCVE-0-2009-5051)
Vulnerability from nvd – Published: 2011-01-18 17:00 – Updated: 2024-08-07 07:24
Summary
Hastymail2 before RC 8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
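| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/64891 | vdb-entry, x_refsource_XF |
| http://www.hastymail.org/security/ | x_refsource_CONFIRM |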
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:24:54.094Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "hastymail2-cookie-weak-security(64891)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64891"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.hastymail.org/security/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-12-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Hastymail2 before RC 8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "hastymail2-cookie-weak-security(64891)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64891"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.hastymail.org/security/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-5051",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Hastymail2 before RC 8 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "hastymail2-cookie-weak-security(64891)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64891"
},
{
"name": "http://www.hastymail.org/security/",
"refsource": "CONFIRM",
"url": "http://www.hastymail.org/security/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-5051",
"datePublished": "2011-01-18T17:00:00",
"dateReserved": "2011-01-18T00:00:00",
"dateUpdated": "2024-08-07T07:24:54.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4646 (GCVE-0-2010-4646)
Vulnerability from nvd – Published: 2011-01-18 17:00 – Updated: 2024-08-07 03:51
Summary
Cross-site scripting (XSS) vulnerability in Hastymail2 before 1.01 allows remote attackers to inject arbitrary web script or HTML via a crafted background attribute within a cell in a TABLE element, related to improper use of the htmLawed filter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
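| URL | Tags |
|---|---|
| http://www.hastymail.org/security/ | x_refsource_CONFIRM |
| http://openwall.com/lists/oss-security/2011/01/06/14 | mailing-list, x_refsource_MLIST |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/64962 | vdb-entry, x_refsource_XF |
| http://openwall.com/lists/oss-security/2011/01/05/3 | mailing-list, x_refsource_MLIST |
| http://www.securityfocus.com/bid/43681 | vdb-entry, x_refsource_BID |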
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:51:17.962Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.hastymail.org/security/"
},
{
"name": "[oss-security] 20110106 Re: CVE request: hastymail before 1.01 XSS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/01/06/14"
},
{
"name": "hastymail2-table-xss(64962)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64962"
},
{
"name": "[oss-security] 20110106 CVE request: hastymail before 1.01 XSS",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/01/05/3"
},
{
"name": "43681",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/43681"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-09-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Hastymail2 before 1.01 allows remote attackers to inject arbitrary web script or HTML via a crafted background attribute within a cell in a TABLE element, related to improper use of the htmLawed filter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.hastymail.org/security/"
},
{
"name": "[oss-security] 20110106 Re: CVE request: hastymail before 1.01 XSS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/01/06/14"
},
{
"name": "hastymail2-table-xss(64962)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64962"
},
{
"name": "[oss-security] 20110106 CVE request: hastymail before 1.01 XSS",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/01/05/3"
},
{
"name": "43681",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/43681"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-4646",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Hastymail2 before 1.01 allows remote attackers to inject arbitrary web script or HTML via a crafted background attribute within a cell in a TABLE element, related to improper use of the htmLawed filter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.hastymail.org/security/",
"refsource": "CONFIRM",
"url": "http://www.hastymail.org/security/"
},
{
"name": "[oss-security] 20110106 Re: CVE request: hastymail before 1.01 XSS",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/01/06/14"
},
{
"name": "hastymail2-table-xss(64962)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64962"
},
{
"name": "[oss-security] 20110106 CVE request: hastymail before 1.01 XSS",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2011/01/05/3"
},
{
"name": "43681",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43681"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-4646",
"datePublished": "2011-01-18T17:00:00",
"dateReserved": "2011-01-03T00:00:00",
"dateUpdated": "2024-08-07T03:51:17.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}