Posted to dev@ponymail.apache.org by Daniel Gruno <hu...@apache.org> on 2019/04/20 16:30:39 UTC

[CVE-2019-0218] Apache Pony Mail (incubating) Reflected XSS

CVE-2019-0218: Apache Pony Mail (incubating) Reflected XSS

Severity: Moderate

Vendor:
The Apache Software Foundation

Versions Affected:
Apache Pony Mail (incubating) versions 0.8 through 0.10

Description:
A vulnerability was discovered wherein a specially crafted URL could
enable reflected XSS via JavaScript in the Pony Mail interface.

Mitigation:
All users should upgrade to Pony Mail (incubating) v/0.11

Credit:
- This issue was initially discovered by Francesco Soncina - ABN AMRO
   Red Team.

References:
http://ponymail.incubator.apache.org/support.html
https://s.apache.org/pony11