oss-sec mailing list archives

[CVE-2019-0218] Apache Pony Mail (incubating) Reflected XSS


From: Daniel Gruno <humbedooh () apache org>
Date: Sat, 20 Apr 2019 11:30:39 -0500

CVE-2019-0218: Apache Pony Mail (incubating) Reflected XSS

Severity: Moderate

Vendor:
The Apache Software Foundation

Versions Affected:
Apache Pony Mail (incubating) versions 0.8 through 0.10

Description:
A vulnerability was discovered wherein a specially crafted URL could
enable reflected XSS via JavaScript in the Pony Mail interface.

Mitigation:
All users should upgrade to Pony Mail (incubating) v/0.11

Credit:
- This issue was initially discovered by Francesco Soncina - ABN AMRO
  Red Team.

References:
http://ponymail.incubator.apache.org/support.html
https://s.apache.org/pony11


