XSS in Hastymail Hastymail2
CVE-2010-4646
Cross-site scripting (XSS) vulnerability in Hastymail2 before 1.01 allows remote attackers to inject arbitrary web script or HTML via a crafted background attribute within a cell in a TABLE element, related to improper use of the htmLawed…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.003 (56.2th percentile) — read the EPSS interpretation.
Affected products
- Hastymail Hastymail2
- N/a — versions n/a
Weakness classification (CWE)
References
- secalert@redhat.com (x_refsource_CONFIRM, Patch, Vendor Advisory)
- [oss-security] 20110106 Re: CVE request: hastymail before 1.01 XSS (mailing-list, x_refsource_MLIST, Patch)
- hastymail2-table-xss(64962) (vdb-entry, x_refsource_XF)
- [oss-security] 20110106 CVE request: hastymail before 1.01 XSS (mailing-list, x_refsource_MLIST, Patch)
- 43681 (vdb-entry, x_refsource_BID)