CVE-2010-4646 - OpenCVE

Cross-site scripting (XSS) vulnerability in Hastymail2 before 1.01 allows remote attackers to inject arbitrary web script or HTML via a crafted background attribute within a cell in a TABLE element, related to improper use of the htmLawed filter.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hastymail	Hastymail2

Configuration 1 [-]

OR	cpe:2.3:a:hastymail:hastymail2::beta1::::::*
	cpe:2.3:a:hastymail:hastymail2::beta2::::::*
	cpe:2.3:a:hastymail:hastymail2::beta3::::::*
	cpe:2.3:a:hastymail:hastymail2::rc1::::::*
	cpe:2.3:a:hastymail:hastymail2::rc2::::::*
	cpe:2.3:a:hastymail:hastymail2::rc3::::::*
	cpe:2.3:a:hastymail:hastymail2::rc4::::::*
	cpe:2.3:a:hastymail:hastymail2::rc5::::::*
	cpe:2.3:a:hastymail:hastymail2::rc6::::::*
	cpe:2.3:a:hastymail:hastymail2::rc7::::::*
	cpe:2.3:a:hastymail:hastymail2::rc8::::::*
	cpe:2.3:a:hastymail:hastymail2::rc9::::::*
	cpe:2.3:a:hastymail:hastymail2::::::::

No data.

References

Link	Providers
http://openwall.com/lists/oss-security/2011/01/05/3
http://openwall.com/lists/oss-security/2011/01/06/14
http://www.hastymail.org/security/
http://www.securityfocus.com/bid/43681
https://exchange.xforce.ibmcloud.com/vulnerabilities/64962

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2011-01-18T17:00:00

Updated: 2024-08-07T03:51:17.962Z

Reserved: 2011-01-03T00:00:00

Link: CVE-2010-4646

Vulnrichment

No data.

NVD

Status : Modified

Published: 2011-01-18T18:03:08.017

Modified: 2017-08-17T01:33:17.243

Link: CVE-2010-4646

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-09-29T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Hastymail2 before 1.01 allows remote attackers to inject arbitrary web script or HTML via a crafted background attribute within a cell in a TABLE element, related to improper use of the htmLawed filter."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.hastymail.org/security/"}, {"name": "[oss-security] 20110106 Re: CVE request: hastymail before 1.01 XSS", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/01/06/14"}, {"name": "hastymail2-table-xss(64962)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64962"}, {"name": "[oss-security] 20110106 CVE request: hastymail before 1.01 XSS", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2011/01/05/3"}, {"name": "43681", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/43681"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2010-4646", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Hastymail2 before 1.01 allows remote attackers to inject arbitrary web script or HTML via a crafted background attribute within a cell in a TABLE element, related to improper use of the htmLawed filter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.hastymail.org/security/", "refsource": "CONFIRM", "url": "http://www.hastymail.org/security/"}, {"name": "[oss-security] 20110106 Re: CVE request: hastymail before 1.01 XSS", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/01/06/14"}, {"name": "hastymail2-table-xss(64962)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64962"}, {"name": "[oss-security] 20110106 CVE request: hastymail before 1.01 XSS", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/01/05/3"}, {"name": "43681", "refsource": "BID", "url": "http://www.securityfocus.com/bid/43681"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T03:51:17.962Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.hastymail.org/security/"}, {"name": "[oss-security] 20110106 Re: CVE request: hastymail before 1.01 XSS", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/01/06/14"}, {"name": "hastymail2-table-xss(64962)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64962"}, {"name": "[oss-security] 20110106 CVE request: hastymail before 1.01 XSS", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2011/01/05/3"}, {"name": "43681", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/43681"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-4646", "datePublished": "2011-01-18T17:00:00", "dateReserved": "2011-01-03T00:00:00", "dateUpdated": "2024-08-07T03:51:17.962Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:hastymail:hastymail2:*:beta1:*:*:*:*:*:*", "matchCriteriaId": "17631BFA-B2A5-487E-99AB-5B4E25A90B98", "vulnerable": true}, {"criteria": "cpe:2.3:a:hastymail:hastymail2:*:beta2:*:*:*:*:*:*", "matchCriteriaId": "AC76ADC8-D667-47CD-9039-94385EC33013", "vulnerable": true}, {"criteria": "cpe:2.3:a:hastymail:hastymail2:*:beta3:*:*:*:*:*:*", "matchCriteriaId": "6E54C8B1-14FB-49A8-B86E-D7F72ED7CBF3", "vulnerable": true}, {"criteria": "cpe:2.3:a:hastymail:hastymail2:*:rc1:*:*:*:*:*:*", "matchCriteriaId": "2F912F5D-7038-4BD2-AFC3-61073FC1EED0", "vulnerable": true}, {"criteria": "cpe:2.3:a:hastymail:hastymail2:*:rc2:*:*:*:*:*:*", "matchCriteriaId": "B4CE257B-569C-4A0F-B39D-182962C0B4B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:hastymail:hastymail2:*:rc3:*:*:*:*:*:*", "matchCriteriaId": "D59EB083-C0C4-4522-8EF3-D188C026D236", "vulnerable": true}, {"criteria": "cpe:2.3:a:hastymail:hastymail2:*:rc4:*:*:*:*:*:*", "matchCriteriaId": "13C81A5F-541F-47BF-8ABC-F8C58417DB2D", "vulnerable": true}, {"criteria": "cpe:2.3:a:hastymail:hastymail2:*:rc5:*:*:*:*:*:*", "matchCriteriaId": "1E4B6B96-94ED-460B-BC38-E2C926959BE7", "vulnerable": true}, {"criteria": "cpe:2.3:a:hastymail:hastymail2:*:rc6:*:*:*:*:*:*", "matchCriteriaId": "9D2DDFB5-E74A-41C4-A6E6-2DFC7BD744EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:hastymail:hastymail2:*:rc7:*:*:*:*:*:*", "matchCriteriaId": "9F20ADB5-9E5F-4728-8FE1-0919174FAA53", "vulnerable": true}, {"criteria": "cpe:2.3:a:hastymail:hastymail2:*:rc8:*:*:*:*:*:*", "matchCriteriaId": "E3D97957-11A4-46A9-91DB-D7A03FDF7062", "vulnerable": true}, {"criteria": "cpe:2.3:a:hastymail:hastymail2:*:rc9:*:*:*:*:*:*", "matchCriteriaId": "D764BB4E-8FB0-4A54-81F5-2D6BD1C20C81", "vulnerable": true}, {"criteria": "cpe:2.3:a:hastymail:hastymail2:*:*:*:*:*:*:*:*", "matchCriteriaId": "DBE8F18C-40C1-4BA5-891B-378A2064E9CC", "versionEndIncluding": "1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Hastymail2 before 1.01 allows remote attackers to inject arbitrary web script or HTML via a crafted background attribute within a cell in a TABLE element, related to improper use of the htmLawed filter."}, {"lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Hastymail2 anterior a v1.01 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de un atributo manipulado dentro de una celda en un elemento TABLE, relacionados con el uso indebido del filtro htmLawed."}], "id": "CVE-2010-4646", "lastModified": "2017-08-17T01:33:17.243", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2011-01-18T18:03:08.017", "references": [{"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://openwall.com/lists/oss-security/2011/01/05/3"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://openwall.com/lists/oss-security/2011/01/06/14"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.hastymail.org/security/"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/43681"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64962"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}