Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
10 vulnerabilities by mhonarc
CVE-2010-4524 (GCVE-0-2010-4524)
Vulnerability from nvd – Published: 2011-01-03 19:26 – Updated: 2024-08-07 03:51
VLAI
Summary
Cross-site scripting (XSS) vulnerability in lib/mhtxthtml.pl in MHonArc 2.6.16 allows remote attackers to inject arbitrary web script or HTML via a malformed start tag and end tag for a SCRIPT element, as demonstrated by <scr<body>ipt> and </scr<body>ipt> sequences.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
13 references
Date Public
2010-12-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:51:17.051Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=664718"
},
{
"name": "[oss-security] 20101221 Re: CVE Request -- MHonArc: Improper escaping of certain HTML sequences (XSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2010/12/22/4"
},
{
"name": "[oss-security] 20101221 Re: CVE Request -- MHonArc: Improper escaping of certain HTML sequences (XSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2010/12/22/5"
},
{
"name": "ADV-2010-3344",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/3344"
},
{
"name": "ADV-2011-0067",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0067"
},
{
"name": "45528",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45528"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607693"
},
{
"name": "42694",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42694"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://savannah.nongnu.org/bugs/?32013"
},
{
"name": "[oss-security] 20101221 Re: CVE Request -- MHonArc: Improper escaping of certain HTML sequences (XSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2010/12/21/7"
},
{
"name": "MDVSA-2011:003",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://lists.mandriva.com/security-announce/2011-01/msg00004.php"
},
{
"name": "[mhonarc-dev] 20101230 [bug #32013] CVE-2010-4524: Improper escaping of certain HTML sequences (XSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.mail-archive.com/mhonarc-dev%40mhonarc.org/msg01296.html"
},
{
"name": "[oss-security] 20101221 CVE Request -- MHonArc: Improper escaping of certain HTML sequences (XSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2010/12/21/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-12-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in lib/mhtxthtml.pl in MHonArc 2.6.16 allows remote attackers to inject arbitrary web script or HTML via a malformed start tag and end tag for a SCRIPT element, as demonstrated by \u003cscr\u003cbody\u003eipt\u003e and \u003c/scr\u003cbody\u003eipt\u003e sequences."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-01-12T10:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=664718"
},
{
"name": "[oss-security] 20101221 Re: CVE Request -- MHonArc: Improper escaping of certain HTML sequences (XSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2010/12/22/4"
},
{
"name": "[oss-security] 20101221 Re: CVE Request -- MHonArc: Improper escaping of certain HTML sequences (XSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2010/12/22/5"
},
{
"name": "ADV-2010-3344",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/3344"
},
{
"name": "ADV-2011-0067",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0067"
},
{
"name": "45528",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45528"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607693"
},
{
"name": "42694",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42694"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://savannah.nongnu.org/bugs/?32013"
},
{
"name": "[oss-security] 20101221 Re: CVE Request -- MHonArc: Improper escaping of certain HTML sequences (XSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2010/12/21/7"
},
{
"name": "MDVSA-2011:003",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://lists.mandriva.com/security-announce/2011-01/msg00004.php"
},
{
"name": "[mhonarc-dev] 20101230 [bug #32013] CVE-2010-4524: Improper escaping of certain HTML sequences (XSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.mail-archive.com/mhonarc-dev%40mhonarc.org/msg01296.html"
},
{
"name": "[oss-security] 20101221 CVE Request -- MHonArc: Improper escaping of certain HTML sequences (XSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2010/12/21/4"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-4524",
"datePublished": "2011-01-03T19:26:00.000Z",
"dateReserved": "2010-12-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T03:51:17.051Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1677 (GCVE-0-2010-1677)
Vulnerability from nvd – Published: 2011-01-03 19:26 – Updated: 2024-08-07 01:35
VLAI
Summary
MHonArc 2.6.16 allows remote attackers to cause a denial of service (CPU consumption) via start tags that are placed within other start tags, as demonstrated by a <bo<bo<bo<bo<body>dy>dy>dy>dy> sequence, a different vulnerability than CVE-2010-4524.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.vupen.com/english/advisories/2010/3344 | vdb-entryx_refsource_VUPEN |
| http://www.mail-archive.com/mhonarc-dev%40mhonarc… | mailing-listx_refsource_MLIST |
| http://www.vupen.com/english/advisories/2011/0067 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/42694 | third-party-advisoryx_refsource_SECUNIA |
| http://savannah.nongnu.org/bugs/?32014 | x_refsource_CONFIRM |
| http://lists.mandriva.com/security-announce/2011-… | vendor-advisoryx_refsource_MANDRIVA |
Date Public
2010-12-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:35:53.485Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "mhonarc-start-tags-dos(64656)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64656"
},
{
"name": "ADV-2010-3344",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/3344"
},
{
"name": "[mhonarc-dev] 20101230 [bug #32014] CVE-2010-1677: DoS when processing html messages with deep tag nesting",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.mail-archive.com/mhonarc-dev%40mhonarc.org/msg01297.html"
},
{
"name": "ADV-2011-0067",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0067"
},
{
"name": "42694",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42694"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://savannah.nongnu.org/bugs/?32014"
},
{
"name": "MDVSA-2011:003",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://lists.mandriva.com/security-announce/2011-01/msg00004.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-12-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "MHonArc 2.6.16 allows remote attackers to cause a denial of service (CPU consumption) via start tags that are placed within other start tags, as demonstrated by a \u003cbo\u003cbo\u003cbo\u003cbo\u003cbody\u003edy\u003edy\u003edy\u003edy\u003e sequence, a different vulnerability than CVE-2010-4524."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "mhonarc-start-tags-dos(64656)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64656"
},
{
"name": "ADV-2010-3344",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/3344"
},
{
"name": "[mhonarc-dev] 20101230 [bug #32014] CVE-2010-1677: DoS when processing html messages with deep tag nesting",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.mail-archive.com/mhonarc-dev%40mhonarc.org/msg01297.html"
},
{
"name": "ADV-2011-0067",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0067"
},
{
"name": "42694",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42694"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://savannah.nongnu.org/bugs/?32014"
},
{
"name": "MDVSA-2011:003",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://lists.mandriva.com/security-announce/2011-01/msg00004.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1677",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MHonArc 2.6.16 allows remote attackers to cause a denial of service (CPU consumption) via start tags that are placed within other start tags, as demonstrated by a \u003cbo\u003cbo\u003cbo\u003cbo\u003cbody\u003edy\u003edy\u003edy\u003edy\u003e sequence, a different vulnerability than CVE-2010-4524."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mhonarc-start-tags-dos(64656)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64656"
},
{
"name": "ADV-2010-3344",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3344"
},
{
"name": "[mhonarc-dev] 20101230 [bug #32014] CVE-2010-1677: DoS when processing html messages with deep tag nesting",
"refsource": "MLIST",
"url": "http://www.mail-archive.com/mhonarc-dev@mhonarc.org/msg01297.html"
},
{
"name": "ADV-2011-0067",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0067"
},
{
"name": "42694",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42694"
},
{
"name": "http://savannah.nongnu.org/bugs/?32014",
"refsource": "CONFIRM",
"url": "http://savannah.nongnu.org/bugs/?32014"
},
{
"name": "MDVSA-2011:003",
"refsource": "MANDRIVA",
"url": "http://lists.mandriva.com/security-announce/2011-01/msg00004.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1677",
"datePublished": "2011-01-03T19:26:00.000Z",
"dateReserved": "2010-04-30T00:00:00.000Z",
"dateUpdated": "2024-08-07T01:35:53.485Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1388 (GCVE-0-2002-1388)
Vulnerability from nvd – Published: 2004-09-01 04:00 – Updated: 2024-08-08 03:19
VLAI
Summary
Cross-site scripting (XSS) vulnerability in MHonArc before 2.5.14 allows remote attackers to inject arbitrary HTML into web archive pages via HTML mail messages.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/6479 | vdb-entryx_refsource_BID |
| http://www.debian.org/security/2002/dsa-221 | vendor-advisoryx_refsource_DEBIAN |
| http://www.mhonarc.org/archive/cgi-bin/mesg.cgi?a… | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2002-12-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:19:28.613Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "6479",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6479"
},
{
"name": "DSA-221",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2002/dsa-221"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mhonarc.org/archive/cgi-bin/mesg.cgi?a=mhonarc-users\u0026i=200212220120.gBM1K8502180%40mcguire.earlhood.com"
},
{
"name": "mhonarc-m2htexthtml-filter-xss(10950)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10950"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-12-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in MHonArc before 2.5.14 allows remote attackers to inject arbitrary HTML into web archive pages via HTML mail messages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-02-07T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "6479",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6479"
},
{
"name": "DSA-221",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2002/dsa-221"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mhonarc.org/archive/cgi-bin/mesg.cgi?a=mhonarc-users\u0026i=200212220120.gBM1K8502180%40mcguire.earlhood.com"
},
{
"name": "mhonarc-m2htexthtml-filter-xss(10950)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10950"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1388",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in MHonArc before 2.5.14 allows remote attackers to inject arbitrary HTML into web archive pages via HTML mail messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "6479",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6479"
},
{
"name": "DSA-221",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2002/dsa-221"
},
{
"name": "http://www.mhonarc.org/archive/cgi-bin/mesg.cgi?a=mhonarc-users\u0026i=200212220120.gBM1K8502180@mcguire.earlhood.com",
"refsource": "CONFIRM",
"url": "http://www.mhonarc.org/archive/cgi-bin/mesg.cgi?a=mhonarc-users\u0026i=200212220120.gBM1K8502180@mcguire.earlhood.com"
},
{
"name": "mhonarc-m2htexthtml-filter-xss(10950)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10950"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1388",
"datePublished": "2004-09-01T04:00:00.000Z",
"dateReserved": "2002-12-30T00:00:00.000Z",
"dateUpdated": "2024-08-08T03:19:28.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1307 (GCVE-0-2002-1307)
Vulnerability from nvd – Published: 2004-09-01 04:00 – Updated: 2024-08-08 03:19
VLAI
Summary
Cross-site scripting vulnerability (XSS) in MHonArc 2.5.12 and earlier allows remote attackers to insert script or HTML via an email message with the script in a MIME header name.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.mhonarc.org/archive/cgi-bin/mesg.cgi?a… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/6204 | vdb-entryx_refsource_BID |
| http://www.debian.org/security/2002/dsa-199 | vendor-advisoryx_refsource_DEBIAN |
| http://www.osvdb.org/7353 | vdb-entryx_refsource_OSVDB |
Date Public
2002-11-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:19:28.475Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "mhonarc-mime-header-xss(10666)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10666"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mhonarc.org/archive/cgi-bin/mesg.cgi?a=mhonarc-users\u0026i=200210211713.g9LHDXE02256%40mcguire.earlhood.com"
},
{
"name": "6204",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6204"
},
{
"name": "DSA-199",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2002/dsa-199"
},
{
"name": "7353",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/7353"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-11-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability (XSS) in MHonArc 2.5.12 and earlier allows remote attackers to insert script or HTML via an email message with the script in a MIME header name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-08-18T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "mhonarc-mime-header-xss(10666)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10666"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mhonarc.org/archive/cgi-bin/mesg.cgi?a=mhonarc-users\u0026i=200210211713.g9LHDXE02256%40mcguire.earlhood.com"
},
{
"name": "6204",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6204"
},
{
"name": "DSA-199",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2002/dsa-199"
},
{
"name": "7353",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/7353"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1307",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability (XSS) in MHonArc 2.5.12 and earlier allows remote attackers to insert script or HTML via an email message with the script in a MIME header name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mhonarc-mime-header-xss(10666)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10666"
},
{
"name": "http://www.mhonarc.org/archive/cgi-bin/mesg.cgi?a=mhonarc-users\u0026i=200210211713.g9LHDXE02256@mcguire.earlhood.com",
"refsource": "CONFIRM",
"url": "http://www.mhonarc.org/archive/cgi-bin/mesg.cgi?a=mhonarc-users\u0026i=200210211713.g9LHDXE02256@mcguire.earlhood.com"
},
{
"name": "6204",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6204"
},
{
"name": "DSA-199",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2002/dsa-199"
},
{
"name": "7353",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/7353"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1307",
"datePublished": "2004-09-01T04:00:00.000Z",
"dateReserved": "2002-11-15T00:00:00.000Z",
"dateUpdated": "2024-08-08T03:19:28.475Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-0738 (GCVE-0-2002-0738)
Vulnerability from nvd – Published: 2003-04-02 05:00 – Updated: 2024-08-08 02:56
VLAI
Summary
MHonArc 2.5.2 and earlier does not properly filter Javascript from archived e-mail messages, which could allow remote attackers to execute script in web clients by (1) splitting the SCRIPT tag into smaller pieces, (2) including the script in a SRC argument to an IMG tag, or (3) using "&={script}" syntax.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.debian.org/security/2002/dsa-163 | vendor-advisoryx_refsource_DEBIAN |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
| http://www.mhonarc.org/MHonArc/CHANGES | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/4546 | vdb-entryx_refsource_BID |
| http://www.iss.net/security_center/static/8894.php | vdb-entryx_refsource_XF |
Date Public
2002-04-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:56:38.810Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-163",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2002/dsa-163"
},
{
"name": "20020418 MHonArc v2.5.2 Script Filtering Bypass Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0260.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mhonarc.org/MHonArc/CHANGES"
},
{
"name": "4546",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4546"
},
{
"name": "mhonarc-script-filtering-bypass(8894)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/8894.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-04-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "MHonArc 2.5.2 and earlier does not properly filter Javascript from archived e-mail messages, which could allow remote attackers to execute script in web clients by (1) splitting the SCRIPT tag into smaller pieces, (2) including the script in a SRC argument to an IMG tag, or (3) using \"\u0026={script}\" syntax."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-03-24T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-163",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2002/dsa-163"
},
{
"name": "20020418 MHonArc v2.5.2 Script Filtering Bypass Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0260.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mhonarc.org/MHonArc/CHANGES"
},
{
"name": "4546",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4546"
},
{
"name": "mhonarc-script-filtering-bypass(8894)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/8894.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0738",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MHonArc 2.5.2 and earlier does not properly filter Javascript from archived e-mail messages, which could allow remote attackers to execute script in web clients by (1) splitting the SCRIPT tag into smaller pieces, (2) including the script in a SRC argument to an IMG tag, or (3) using \"\u0026={script}\" syntax."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-163",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2002/dsa-163"
},
{
"name": "20020418 MHonArc v2.5.2 Script Filtering Bypass Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0260.html"
},
{
"name": "http://www.mhonarc.org/MHonArc/CHANGES",
"refsource": "CONFIRM",
"url": "http://www.mhonarc.org/MHonArc/CHANGES"
},
{
"name": "4546",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4546"
},
{
"name": "mhonarc-script-filtering-bypass(8894)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8894.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0738",
"datePublished": "2003-04-02T05:00:00.000Z",
"dateReserved": "2002-07-25T00:00:00.000Z",
"dateUpdated": "2024-08-08T02:56:38.810Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1677 (GCVE-0-2010-1677)
Vulnerability from cvelistv5 – Published: 2011-01-03 19:26 – Updated: 2024-08-07 01:35
VLAI
Summary
MHonArc 2.6.16 allows remote attackers to cause a denial of service (CPU consumption) via start tags that are placed within other start tags, as demonstrated by a <bo<bo<bo<bo<body>dy>dy>dy>dy> sequence, a different vulnerability than CVE-2010-4524.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.vupen.com/english/advisories/2010/3344 | vdb-entryx_refsource_VUPEN |
| http://www.mail-archive.com/mhonarc-dev%40mhonarc… | mailing-listx_refsource_MLIST |
| http://www.vupen.com/english/advisories/2011/0067 | vdb-entryx_refsource_VUPEN |
| http://secunia.com/advisories/42694 | third-party-advisoryx_refsource_SECUNIA |
| http://savannah.nongnu.org/bugs/?32014 | x_refsource_CONFIRM |
| http://lists.mandriva.com/security-announce/2011-… | vendor-advisoryx_refsource_MANDRIVA |
Date Public
2010-12-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:35:53.485Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "mhonarc-start-tags-dos(64656)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64656"
},
{
"name": "ADV-2010-3344",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/3344"
},
{
"name": "[mhonarc-dev] 20101230 [bug #32014] CVE-2010-1677: DoS when processing html messages with deep tag nesting",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.mail-archive.com/mhonarc-dev%40mhonarc.org/msg01297.html"
},
{
"name": "ADV-2011-0067",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0067"
},
{
"name": "42694",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42694"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://savannah.nongnu.org/bugs/?32014"
},
{
"name": "MDVSA-2011:003",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://lists.mandriva.com/security-announce/2011-01/msg00004.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-12-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "MHonArc 2.6.16 allows remote attackers to cause a denial of service (CPU consumption) via start tags that are placed within other start tags, as demonstrated by a \u003cbo\u003cbo\u003cbo\u003cbo\u003cbody\u003edy\u003edy\u003edy\u003edy\u003e sequence, a different vulnerability than CVE-2010-4524."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "mhonarc-start-tags-dos(64656)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64656"
},
{
"name": "ADV-2010-3344",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/3344"
},
{
"name": "[mhonarc-dev] 20101230 [bug #32014] CVE-2010-1677: DoS when processing html messages with deep tag nesting",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.mail-archive.com/mhonarc-dev%40mhonarc.org/msg01297.html"
},
{
"name": "ADV-2011-0067",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0067"
},
{
"name": "42694",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42694"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://savannah.nongnu.org/bugs/?32014"
},
{
"name": "MDVSA-2011:003",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://lists.mandriva.com/security-announce/2011-01/msg00004.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1677",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MHonArc 2.6.16 allows remote attackers to cause a denial of service (CPU consumption) via start tags that are placed within other start tags, as demonstrated by a \u003cbo\u003cbo\u003cbo\u003cbo\u003cbody\u003edy\u003edy\u003edy\u003edy\u003e sequence, a different vulnerability than CVE-2010-4524."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mhonarc-start-tags-dos(64656)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64656"
},
{
"name": "ADV-2010-3344",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3344"
},
{
"name": "[mhonarc-dev] 20101230 [bug #32014] CVE-2010-1677: DoS when processing html messages with deep tag nesting",
"refsource": "MLIST",
"url": "http://www.mail-archive.com/mhonarc-dev@mhonarc.org/msg01297.html"
},
{
"name": "ADV-2011-0067",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0067"
},
{
"name": "42694",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42694"
},
{
"name": "http://savannah.nongnu.org/bugs/?32014",
"refsource": "CONFIRM",
"url": "http://savannah.nongnu.org/bugs/?32014"
},
{
"name": "MDVSA-2011:003",
"refsource": "MANDRIVA",
"url": "http://lists.mandriva.com/security-announce/2011-01/msg00004.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1677",
"datePublished": "2011-01-03T19:26:00.000Z",
"dateReserved": "2010-04-30T00:00:00.000Z",
"dateUpdated": "2024-08-07T01:35:53.485Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4524 (GCVE-0-2010-4524)
Vulnerability from cvelistv5 – Published: 2011-01-03 19:26 – Updated: 2024-08-07 03:51
VLAI
Summary
Cross-site scripting (XSS) vulnerability in lib/mhtxthtml.pl in MHonArc 2.6.16 allows remote attackers to inject arbitrary web script or HTML via a malformed start tag and end tag for a SCRIPT element, as demonstrated by <scr<body>ipt> and </scr<body>ipt> sequences.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
13 references
Date Public
2010-12-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:51:17.051Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=664718"
},
{
"name": "[oss-security] 20101221 Re: CVE Request -- MHonArc: Improper escaping of certain HTML sequences (XSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2010/12/22/4"
},
{
"name": "[oss-security] 20101221 Re: CVE Request -- MHonArc: Improper escaping of certain HTML sequences (XSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2010/12/22/5"
},
{
"name": "ADV-2010-3344",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/3344"
},
{
"name": "ADV-2011-0067",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0067"
},
{
"name": "45528",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45528"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607693"
},
{
"name": "42694",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42694"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://savannah.nongnu.org/bugs/?32013"
},
{
"name": "[oss-security] 20101221 Re: CVE Request -- MHonArc: Improper escaping of certain HTML sequences (XSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2010/12/21/7"
},
{
"name": "MDVSA-2011:003",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://lists.mandriva.com/security-announce/2011-01/msg00004.php"
},
{
"name": "[mhonarc-dev] 20101230 [bug #32013] CVE-2010-4524: Improper escaping of certain HTML sequences (XSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.mail-archive.com/mhonarc-dev%40mhonarc.org/msg01296.html"
},
{
"name": "[oss-security] 20101221 CVE Request -- MHonArc: Improper escaping of certain HTML sequences (XSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2010/12/21/4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-12-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in lib/mhtxthtml.pl in MHonArc 2.6.16 allows remote attackers to inject arbitrary web script or HTML via a malformed start tag and end tag for a SCRIPT element, as demonstrated by \u003cscr\u003cbody\u003eipt\u003e and \u003c/scr\u003cbody\u003eipt\u003e sequences."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-01-12T10:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=664718"
},
{
"name": "[oss-security] 20101221 Re: CVE Request -- MHonArc: Improper escaping of certain HTML sequences (XSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2010/12/22/4"
},
{
"name": "[oss-security] 20101221 Re: CVE Request -- MHonArc: Improper escaping of certain HTML sequences (XSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2010/12/22/5"
},
{
"name": "ADV-2010-3344",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/3344"
},
{
"name": "ADV-2011-0067",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0067"
},
{
"name": "45528",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45528"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607693"
},
{
"name": "42694",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42694"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://savannah.nongnu.org/bugs/?32013"
},
{
"name": "[oss-security] 20101221 Re: CVE Request -- MHonArc: Improper escaping of certain HTML sequences (XSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2010/12/21/7"
},
{
"name": "MDVSA-2011:003",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://lists.mandriva.com/security-announce/2011-01/msg00004.php"
},
{
"name": "[mhonarc-dev] 20101230 [bug #32013] CVE-2010-4524: Improper escaping of certain HTML sequences (XSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.mail-archive.com/mhonarc-dev%40mhonarc.org/msg01296.html"
},
{
"name": "[oss-security] 20101221 CVE Request -- MHonArc: Improper escaping of certain HTML sequences (XSS)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2010/12/21/4"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-4524",
"datePublished": "2011-01-03T19:26:00.000Z",
"dateReserved": "2010-12-09T00:00:00.000Z",
"dateUpdated": "2024-08-07T03:51:17.051Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1388 (GCVE-0-2002-1388)
Vulnerability from cvelistv5 – Published: 2004-09-01 04:00 – Updated: 2024-08-08 03:19
VLAI
Summary
Cross-site scripting (XSS) vulnerability in MHonArc before 2.5.14 allows remote attackers to inject arbitrary HTML into web archive pages via HTML mail messages.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/6479 | vdb-entryx_refsource_BID |
| http://www.debian.org/security/2002/dsa-221 | vendor-advisoryx_refsource_DEBIAN |
| http://www.mhonarc.org/archive/cgi-bin/mesg.cgi?a… | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2002-12-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:19:28.613Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "6479",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6479"
},
{
"name": "DSA-221",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2002/dsa-221"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mhonarc.org/archive/cgi-bin/mesg.cgi?a=mhonarc-users\u0026i=200212220120.gBM1K8502180%40mcguire.earlhood.com"
},
{
"name": "mhonarc-m2htexthtml-filter-xss(10950)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10950"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-12-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in MHonArc before 2.5.14 allows remote attackers to inject arbitrary HTML into web archive pages via HTML mail messages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-02-07T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "6479",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6479"
},
{
"name": "DSA-221",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2002/dsa-221"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mhonarc.org/archive/cgi-bin/mesg.cgi?a=mhonarc-users\u0026i=200212220120.gBM1K8502180%40mcguire.earlhood.com"
},
{
"name": "mhonarc-m2htexthtml-filter-xss(10950)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10950"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1388",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in MHonArc before 2.5.14 allows remote attackers to inject arbitrary HTML into web archive pages via HTML mail messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "6479",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6479"
},
{
"name": "DSA-221",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2002/dsa-221"
},
{
"name": "http://www.mhonarc.org/archive/cgi-bin/mesg.cgi?a=mhonarc-users\u0026i=200212220120.gBM1K8502180@mcguire.earlhood.com",
"refsource": "CONFIRM",
"url": "http://www.mhonarc.org/archive/cgi-bin/mesg.cgi?a=mhonarc-users\u0026i=200212220120.gBM1K8502180@mcguire.earlhood.com"
},
{
"name": "mhonarc-m2htexthtml-filter-xss(10950)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10950"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1388",
"datePublished": "2004-09-01T04:00:00.000Z",
"dateReserved": "2002-12-30T00:00:00.000Z",
"dateUpdated": "2024-08-08T03:19:28.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1307 (GCVE-0-2002-1307)
Vulnerability from cvelistv5 – Published: 2004-09-01 04:00 – Updated: 2024-08-08 03:19
VLAI
Summary
Cross-site scripting vulnerability (XSS) in MHonArc 2.5.12 and earlier allows remote attackers to insert script or HTML via an email message with the script in a MIME header name.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.mhonarc.org/archive/cgi-bin/mesg.cgi?a… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/6204 | vdb-entryx_refsource_BID |
| http://www.debian.org/security/2002/dsa-199 | vendor-advisoryx_refsource_DEBIAN |
| http://www.osvdb.org/7353 | vdb-entryx_refsource_OSVDB |
Date Public
2002-11-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:19:28.475Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "mhonarc-mime-header-xss(10666)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10666"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mhonarc.org/archive/cgi-bin/mesg.cgi?a=mhonarc-users\u0026i=200210211713.g9LHDXE02256%40mcguire.earlhood.com"
},
{
"name": "6204",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6204"
},
{
"name": "DSA-199",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2002/dsa-199"
},
{
"name": "7353",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/7353"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-11-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability (XSS) in MHonArc 2.5.12 and earlier allows remote attackers to insert script or HTML via an email message with the script in a MIME header name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-08-18T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "mhonarc-mime-header-xss(10666)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10666"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mhonarc.org/archive/cgi-bin/mesg.cgi?a=mhonarc-users\u0026i=200210211713.g9LHDXE02256%40mcguire.earlhood.com"
},
{
"name": "6204",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6204"
},
{
"name": "DSA-199",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2002/dsa-199"
},
{
"name": "7353",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/7353"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1307",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability (XSS) in MHonArc 2.5.12 and earlier allows remote attackers to insert script or HTML via an email message with the script in a MIME header name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mhonarc-mime-header-xss(10666)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10666"
},
{
"name": "http://www.mhonarc.org/archive/cgi-bin/mesg.cgi?a=mhonarc-users\u0026i=200210211713.g9LHDXE02256@mcguire.earlhood.com",
"refsource": "CONFIRM",
"url": "http://www.mhonarc.org/archive/cgi-bin/mesg.cgi?a=mhonarc-users\u0026i=200210211713.g9LHDXE02256@mcguire.earlhood.com"
},
{
"name": "6204",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6204"
},
{
"name": "DSA-199",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2002/dsa-199"
},
{
"name": "7353",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/7353"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1307",
"datePublished": "2004-09-01T04:00:00.000Z",
"dateReserved": "2002-11-15T00:00:00.000Z",
"dateUpdated": "2024-08-08T03:19:28.475Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-0738 (GCVE-0-2002-0738)
Vulnerability from cvelistv5 – Published: 2003-04-02 05:00 – Updated: 2024-08-08 02:56
VLAI
Summary
MHonArc 2.5.2 and earlier does not properly filter Javascript from archived e-mail messages, which could allow remote attackers to execute script in web clients by (1) splitting the SCRIPT tag into smaller pieces, (2) including the script in a SRC argument to an IMG tag, or (3) using "&={script}" syntax.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.debian.org/security/2002/dsa-163 | vendor-advisoryx_refsource_DEBIAN |
| http://archives.neohapsis.com/archives/bugtraq/20… | mailing-listx_refsource_BUGTRAQ |
| http://www.mhonarc.org/MHonArc/CHANGES | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/4546 | vdb-entryx_refsource_BID |
| http://www.iss.net/security_center/static/8894.php | vdb-entryx_refsource_XF |
Date Public
2002-04-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:56:38.810Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-163",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2002/dsa-163"
},
{
"name": "20020418 MHonArc v2.5.2 Script Filtering Bypass Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0260.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mhonarc.org/MHonArc/CHANGES"
},
{
"name": "4546",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4546"
},
{
"name": "mhonarc-script-filtering-bypass(8894)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/8894.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-04-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "MHonArc 2.5.2 and earlier does not properly filter Javascript from archived e-mail messages, which could allow remote attackers to execute script in web clients by (1) splitting the SCRIPT tag into smaller pieces, (2) including the script in a SRC argument to an IMG tag, or (3) using \"\u0026={script}\" syntax."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2003-03-24T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-163",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2002/dsa-163"
},
{
"name": "20020418 MHonArc v2.5.2 Script Filtering Bypass Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0260.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mhonarc.org/MHonArc/CHANGES"
},
{
"name": "4546",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4546"
},
{
"name": "mhonarc-script-filtering-bypass(8894)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/8894.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0738",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MHonArc 2.5.2 and earlier does not properly filter Javascript from archived e-mail messages, which could allow remote attackers to execute script in web clients by (1) splitting the SCRIPT tag into smaller pieces, (2) including the script in a SRC argument to an IMG tag, or (3) using \"\u0026={script}\" syntax."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-163",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2002/dsa-163"
},
{
"name": "20020418 MHonArc v2.5.2 Script Filtering Bypass Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0260.html"
},
{
"name": "http://www.mhonarc.org/MHonArc/CHANGES",
"refsource": "CONFIRM",
"url": "http://www.mhonarc.org/MHonArc/CHANGES"
},
{
"name": "4546",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4546"
},
{
"name": "mhonarc-script-filtering-bypass(8894)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8894.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0738",
"datePublished": "2003-04-02T05:00:00.000Z",
"dateReserved": "2002-07-25T00:00:00.000Z",
"dateUpdated": "2024-08-08T02:56:38.810Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}