oss-sec mailing list archives
[CVE-2019-0218] Apache Pony Mail (incubating) Reflected XSS
From: Daniel Gruno <humbedooh () apache org>
Date: Sat, 20 Apr 2019 11:30:39 -0500
CVE-2019-0218: Apache Pony Mail (incubating) Reflected XSS

Severity: Moderate

Vendor: The Apache Software Foundation

Versions Affected:
Apache Pony Mail (incubating) versions 0.8 through 0.10

Description:
A vulnerability was discovered wherein a specially crafted URL could enable reflected XSS via JavaScript in the pony mail interface.

Mitigation:
All users should upgrade to Pony Mail (incubating) v/0.11

Credit:
- This issue was initially discovered by Francesco Soncina - ABN AMRO Red Team.

References:
http://ponymail.incubator.apache.org/support.html
https://s.apache.org/pony11