Posted to users@ponymail.apache.org by Daniel Gruno <hu...@apache.org> on 2019/04/20 16:30:39 UTC
[CVE-2019-0218] Apache Pony Mail (incubating) Reflected XSS
CVE-2019-0218: Apache Pony Mail (incubating) Reflected XSS
Severity: Moderate
Vendor:
The Apache Software Foundation
Versions Affected:
Apache Pony Mail (incubating) versions 0.8 through 0.10
Description:
A vulnerability was discovered wherein a specially crafted URL could
enable reflected XSS via JavaScript in the Pony Mail interface.
Mitigation:
All users should upgrade to Pony Mail (incubating) v0.11.
Credit:
- This issue was initially discovered by Francesco Soncina - ABN AMRO
Red Team.
References:
http://ponymail.incubator.apache.org/support.html
https://s.apache.org/pony11